Vulnerability in Announcements Module Allows Bypass of Node Access Restrictions

Vulnerability in Announcements Module Allows Bypass of Node Access Restrictions

CVE-2012-4500 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact.

Learn more about our User Device Pen Test.