CVE-2012-4483

The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing.

Date published : 2012-10-31

http://drupal.org/node/1679908

http://drupalcode.org/project/commons.git/commitdiff/8ef688b