Lucene search

[email protected]CVE-2013-1907

HistoryJul 16, 2013 - 6:55 p.m.

CVE-2013-1907

2013-07-1618:55:01

CWE-264

[email protected]

web.nvd.nist.gov

commons group module

drupal

access restriction

remote attackers

arbitrary content

nvd

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.4%

JSON

The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors.

Affected configurations

NVD

Node

acquiacommonsRange≤7.x-3.0

acquiacommonsMatch_group7.x-3.xdev

acquiacommonsMatch7.x-3.xdev

acquiacommons_groupRange≤7.x-3.0

AND

drupaldrupalMatch-

CPENameOperatorVersion
acquia:commonsacquia commonsle7.x-3.0
acquia:commonsacquia commonseq_group7.x-3.x
acquia:commonsacquia commonseq7.x-3.x
acquia:commons_groupacquia commons grouple7.x-3.0

CPE	Name	Operator	Version
acquia:commons	acquia commons	le	7.x-3.0
acquia:commons	acquia commons	eq	_group7.x-3.x
acquia:commons	acquia commons	eq	7.x-3.x
acquia:commons_group	acquia commons group	le	7.x-3.0

References

osvdb.org/91748

packetstormsecurity.com/files/120991/Drupal-Common-Groups-7.x-Access-Bypass-Privilege-Escalation.html

seclists.org/fulldisclosure/2013/Mar/242

secunia.com/advisories/52769

secunia.com/advisories/52795

drupal.org/node/1954762

drupal.org/node/1954764

drupal.org/node/1954948

exchange.xforce.ibmcloud.com/vulnerabilities/83133

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.4%

JSON

Related for CVE-2013-1907

drupal1 cvelist1 nvd1 prion1