Lucene search

[email protected]NVD:CVE-2013-0226

HistoryMar 19, 2013 - 2:55 p.m.

CVE-2013-0226

2013-03-1914:55:02

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

60.9%

JSON

The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal does not properly check node restrictions, which allows (1) remote authenticated users with the “view shortcuts” permission to read nodes or (2) remote authenticated users with the “admin shortcuts” permission to read, edit, or delete nodes via unspecified vectors.

Affected configurations

Nvd

Node

zugec_ivankeyboard_shortcut_utilityMatch7.x-1.0

VendorProductVersionCPE
zugec_ivankeyboard_shortcut_utility7.x-1.0cpe:2.3:a:zugec_ivan:keyboard_shortcut_utility:7.x-1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zugec_ivan	keyboard_shortcut_utility	7.x-1.0	cpe:2.3:a:zugec_ivan:keyboard_shortcut_utility:7.x-1.0:::::::*

References

www.openwall.com/lists/oss-security/2013/01/25/4

drupal.org/node/1896752

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

60.9%

JSON

Related for NVD:CVE-2013-0226

drupal1 prion1 cvelist1 cve1