Lucene search

[email protected]CVE-2013-4445

HistoryDec 07, 2013 - 8:55 p.m.

CVE-2013-4445

2013-12-0720:55:02

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-4445

drupal

context module

json

security

vulnerability

nvd

access token

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.9%

JSON

The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal’s token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a block to which the user has access.

Affected configurations

NVD

Node

steven_jonescontextMatch6.x-2.0alpha1

steven_jonescontextMatch6.x-2.0alpha2

steven_jonescontextMatch6.x-2.0beta1

steven_jonescontextMatch6.x-2.0beta2

steven_jonescontextMatch6.x-2.0beta3

steven_jonescontextMatch6.x-2.0beta4

steven_jonescontextMatch6.x-2.0beta5

steven_jonescontextMatch6.x-2.0beta6

steven_jonescontextMatch6.x-2.0beta7

steven_jonescontextMatch6.x-2.0rc1

steven_jonescontextMatch6.x-2.0rc2

steven_jonescontextMatch6.x-2.0rc3

steven_jonescontextMatch6.x-3.0

steven_jonescontextMatch6.x-3.0alpha1

steven_jonescontextMatch6.x-3.0alpha2

steven_jonescontextMatch6.x-3.0beta1

steven_jonescontextMatch6.x-3.0beta2

steven_jonescontextMatch6.x-3.0beta3

steven_jonescontextMatch6.x-3.0beta4

steven_jonescontextMatch6.x-3.0beta5

steven_jonescontextMatch6.x-3.0beta6

steven_jonescontextMatch6.x-3.0beta7

steven_jonescontextMatch6.x-3.0beta8

steven_jonescontextMatch6.x-3.0rc1

steven_jonescontextMatch6.x-3.0rc2

steven_jonescontextMatch6.x-3.1

steven_jonescontextMatch6.x-3.xdev

steven_jonescontextMatch7.x-3.0alpha1

steven_jonescontextMatch7.x-3.0alpha2

steven_jonescontextMatch7.x-3.0alpha3

steven_jonescontextMatch7.x-3.0beta1

steven_jonescontextMatch7.x-3.0beta2

steven_jonescontextMatch7.x-3.0beta3

steven_jonescontextMatch7.x-3.0beta4

steven_jonescontextMatch7.x-3.0beta5

steven_jonescontextMatch7.x-3.0beta6

steven_jonescontextMatch7.x-3.0beta7

steven_jonescontextMatch7.x-3.xdev

AND

drupaldrupalMatch-

CPENameOperatorVersion
steven_jones:contextsteven jones contexteq6.x-2.0
steven_jones:contextsteven jones contexteq6.x-3.0
steven_jones:contextsteven jones contexteq6.x-3.1
steven_jones:contextsteven jones contexteq6.x-3.x
steven_jones:contextsteven jones contexteq7.x-3.0
steven_jones:contextsteven jones contexteq7.x-3.x

CPE	Name	Operator	Version
steven_jones:context	steven jones context	eq	6.x-2.0
steven_jones:context	steven jones context	eq	6.x-3.0
steven_jones:context	steven jones context	eq	6.x-3.1
steven_jones:context	steven jones context	eq	6.x-3.x
steven_jones:context	steven jones context	eq	7.x-3.0
steven_jones:context	steven jones context	eq	7.x-3.x