Lucene search

[email protected]CVE-2013-7066

HistoryApr 29, 2014 - 2:38 p.m.

CVE-2013-7066

2014-04-2914:38:43

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-7066

entity reference module

drupal

remote attackers

private nodes

edit permissions

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.0%

JSON

The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private nodes titles by leveraging edit permissions to a node that references a private node.

Affected configurations

NVD

Node

entity_reference_projectentityreferenceMatch7.x-1.0-

entity_reference_projectentityreferenceMatch7.x-1.0alpha1

entity_reference_projectentityreferenceMatch7.x-1.0alpha2

entity_reference_projectentityreferenceMatch7.x-1.0beta1

entity_reference_projectentityreferenceMatch7.x-1.0beta2

entity_reference_projectentityreferenceMatch7.x-1.0beta3

entity_reference_projectentityreferenceMatch7.x-1.0beta4

entity_reference_projectentityreferenceMatch7.x-1.0beta5

entity_reference_projectentityreferenceMatch7.x-1.0rc1

entity_reference_projectentityreferenceMatch7.x-1.0rc2

entity_reference_projectentityreferenceMatch7.x-1.0rc3

entity_reference_projectentityreferenceMatch7.x-1.0rc4

entity_reference_projectentityreferenceMatch7.x-1.0rc5

entity_reference_projectentityreferenceMatch7.x-1.xdev

CPENameOperatorVersion
entity_reference_project:entityreferenceentity reference project entityreferenceeq7.x-1.0
entity_reference_project:entityreferenceentity reference project entityreferenceeq7.x-1.x

CPE	Name	Operator	Version
entity_reference_project:entityreference	entity reference project entityreference	eq	7.x-1.0
entity_reference_project:entityreference	entity reference project entityreference	eq	7.x-1.x