CVE-2012-4483
The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing.
Date published : 2012-10-31
http://drupal.org/node/1679908
http://drupalcode.org/project/commons.git/commitdiff/8ef688b