Lucene search

[email protected]NVD:CVE-2013-2123

HistoryAug 28, 2013 - 10:55 p.m.

CVE-2013-2123

2013-08-2822:55:05

CWE-264

[email protected]

web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.4%

JSON

The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author’s user account is deleted, which allows remote attackers to modify the content via unspecified vectors.

Affected configurations

NVD

Node

node_access_user_reference_projectnodeaccess_userreference_moduleMatch6.x-3.0

node_access_user_reference_projectnodeaccess_userreference_moduleMatch6.x-3.0rc1

node_access_user_reference_projectnodeaccess_userreference_moduleMatch6.x-3.0rc2

node_access_user_reference_projectnodeaccess_userreference_moduleMatch6.x-3.0rc3

node_access_user_reference_projectnodeaccess_userreference_moduleMatch6.x-3.0rc4

node_access_user_reference_projectnodeaccess_userreference_moduleMatch6.x-3.0rc5

node_access_user_reference_projectnodeaccess_userreference_moduleMatch6.x-3.0rc6

node_access_user_reference_projectnodeaccess_userreference_moduleMatch6.x-3.1

node_access_user_reference_projectnodeaccess_userreference_moduleMatch6.x-3.2

node_access_user_reference_projectnodeaccess_userreference_moduleMatch6.x-3.3

node_access_user_reference_projectnodeaccess_userreference_moduleMatch6.x-3.4

node_access_user_reference_projectnodeaccess_userreference_moduleMatch6.x-3.xdev

node_access_user_reference_projectnodeaccess_userreference_moduleMatch7.x-3.0

node_access_user_reference_projectnodeaccess_userreference_moduleMatch7.x-3.0rc1

node_access_user_reference_projectnodeaccess_userreference_moduleMatch7.x-3.0rc2

node_access_user_reference_projectnodeaccess_userreference_moduleMatch7.x-3.0rc3

node_access_user_reference_projectnodeaccess_userreference_moduleMatch7.x-3.0rc4

node_access_user_reference_projectnodeaccess_userreference_moduleMatch7.x-3.0rc5

node_access_user_reference_projectnodeaccess_userreference_moduleMatch7.x-3.1

node_access_user_reference_projectnodeaccess_userreference_moduleMatch7.x-3.2

node_access_user_reference_projectnodeaccess_userreference_moduleMatch7.x-3.3

node_access_user_reference_projectnodeaccess_userreference_moduleMatch7.x-3.4

node_access_user_reference_projectnodeaccess_userreference_moduleMatch7.x-3.5

node_access_user_reference_projectnodeaccess_userreference_moduleMatch7.x-3.6

node_access_user_reference_projectnodeaccess_userreference_moduleMatch7.x-3.7

node_access_user_reference_projectnodeaccess_userreference_moduleMatch7.x-3.8

node_access_user_reference_projectnodeaccess_userreference_moduleMatch7.x-3.9

node_access_user_reference_projectnodeaccess_userreference_moduleMatch7.x-3.xdev

AND

drupaldrupalMatch-

References

www.openwall.com/lists/oss-security/2013/05/29/9

drupal.org/node/2007072

drupal.org/node/2007078

drupal.org/node/2007122

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for NVD:CVE-2013-2123

cve1 cvelist1 seebug1 prion1 drupal1