[email protected]CVE-2013-4502

HistoryMay 13, 2014 - 3:55 p.m.

CVE-2013-4502

2014-05-1315:55:00

CWE-264

[email protected]

web.nvd.nist.gov

filefield sources

drupal

cve-2013-4502

nvd

file permissions

remote access

6.5 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.1%

JSON

The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file.

CPENameOperatorVersion
nathan_haug:filefield_sourcesnathan haug filefield sourceseq7.x-1.2
nathan_haug:filefield_sourcesnathan haug filefield sourceseq7.x-1.3
nathan_haug:filefield_sourcesnathan haug filefield sourceseq7.x-1.4
nathan_haug:filefield_sourcesnathan haug filefield sourceseq7.x-1.5
nathan_haug:filefield_sourcesnathan haug filefield sourceseq7.x-1.6
nathan_haug:filefield_sourcesnathan haug filefield sourceseq7.x-1.7
nathan_haug:filefield_sourcesnathan haug filefield sourceseq7.x-1.8
nathan_haug:filefield_sourcesnathan haug filefield sourceseq7.x-1.x
nathan_haug:filefield_sourcesnathan haug filefield sourceseq6.x-1.0
nathan_haug:filefield_sourcesnathan haug filefield sourceseq6.x-1.1

CPE	Name	Operator	Version
nathan_haug:filefield_sources	nathan haug filefield sources	eq	7.x-1.2
nathan_haug:filefield_sources	nathan haug filefield sources	eq	7.x-1.3
nathan_haug:filefield_sources	nathan haug filefield sources	eq	7.x-1.4
nathan_haug:filefield_sources	nathan haug filefield sources	eq	7.x-1.5
nathan_haug:filefield_sources	nathan haug filefield sources	eq	7.x-1.6
nathan_haug:filefield_sources	nathan haug filefield sources	eq	7.x-1.7
nathan_haug:filefield_sources	nathan haug filefield sources	eq	7.x-1.8
nathan_haug:filefield_sources	nathan haug filefield sources	eq	7.x-1.x
nathan_haug:filefield_sources	nathan haug filefield sources	eq	6.x-1.0
nathan_haug:filefield_sources	nathan haug filefield sources	eq	6.x-1.1

Rows per page:

1-10 of 171

References

seclists.org/oss-sec/2013/q4/210

drupal.org/node/2124217

drupal.org/node/2124219

drupal.org/node/2124241

6.5 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.1%

JSON

Related for CVE-2013-4502

cvelist1 drupal1 prion1