Lucene search

[email protected]CVE-2013-1925

HistoryJul 16, 2013 - 6:55 p.m.

CVE-2013-1925

2013-07-1618:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-1925

drupal

chaos tool suite

ctools

node access

access control

authentication

nvd

6.4 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

60.7%

JSON

The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the “access content” permission to read restricted node titles via an autocomplete list.

CPENameOperatorVersion
chaos_tool_suite_project:ctoolschaos tool suite project ctoolseq7.x-1.0
chaos_tool_suite_project:ctoolschaos tool suite project ctoolseq7.x-1.1
chaos_tool_suite_project:ctoolschaos tool suite project ctoolseq7.x-1.x
chaos_tool_suite_project:ctoolschaos tool suite project ctoolseq7.x-1.2

CPE	Name	Operator	Version
chaos_tool_suite_project:ctools	chaos tool suite project ctools	eq	7.x-1.0
chaos_tool_suite_project:ctools	chaos tool suite project ctools	eq	7.x-1.1
chaos_tool_suite_project:ctools	chaos tool suite project ctools	eq	7.x-1.x
chaos_tool_suite_project:ctools	chaos tool suite project ctools	eq	7.x-1.2

References

osvdb.org/91986

packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html

seclists.org/fulldisclosure/2013/Apr/8

drupal.org/node/1960406

drupal.org/node/1960424

exchange.xforce.ibmcloud.com/vulnerabilities/83254

6.4 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

60.7%

JSON

Related for CVE-2013-1925

cvelist1 prion1 drupal1