CVE-2012-4483 Information

Description

The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions which might allow remote attackers to obtain sensitive information via the recent comments listing.

Reference

http://drupal.org/node/1679820 http://drupal.org/node/1679908 http://drupalcode.org/project/commons.git/commitdiff/8ef688b http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1