Lucene search
HistoryAug 06, 2014 - 6:55 p.m.
CVE-2014-5179
drupal
freelinking module
cve-2014-5179
security vulnerability
access permissions
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
66.0%
The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link.
Affected configurations
Node
freelinking_for_case_tracker_projectfreelinking_for_case_trackerMatch-drupal
ORfreelinking_projectfreelinkingMatch-drupal
Related
drupal
drupal
SA-CONTRIB-2014-072 - Freelinking, Freelinking Case Tracker - Access bypass
2014-07-23 00:00:00
cvelist
cvelist
CVE-2014-5179
2014-08-06 18:00:00
nvd
nvd
CVE-2014-5179
2014-08-06 18:55:06
prion
prion
Design/Logic Flaw
2014-08-06 18:55:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
66.0%
Related for CVE-2014-5179