CVE-2011-2687

Publication date 27 July 2011

Last updated 24 July 2024

Ubuntu priority

Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
drupal6	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	8.04 LTS hardy	Not in release
drupal7	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release

How can I get the fixes?
What do statuses mean?

Notes

sbeattie

from upstream, only affects drupal7

References

MITRE
NVD
Launchpad
Debian

Other references

http://drupal.org/node/1204582
https://www.cve.org/CVERecord?id=CVE-2011-2687