Design/Logic Flaw

The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a...

CVE-2013-4445

The CVE affects Drupal Context module: 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0. The issue is that the module uses Drupal’s token scheme to restrict access to the json rendering of a block, and this token-based control is not designed for intra-session protection. This allows remote auth...