4 matches found
CVE-2013-4187
The CVE-2013-4187 entry concerns the Drupal Flippy module (7.x-1.x) prior to 7.x-1.2, where access restrictions for nodes are not properly enforced. This allows remote authenticated users with content-access permissions to read a link or alias to a restricted node, effectively bypassing node visi...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4187. Reason: This candidate is a duplicate of CVE-2013-4187. Notes: All CVE users should reference CVE-2013-4187 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2013-4224
The vulnerability tracked as CVE-2013-4187 (CVE-2013-4224 is a duplicate) affects the Flippy module for Drupal 7.x-1.x prior to 7.x-1.2. The module does not properly restrict access to nodes when generating previous/next links, permitting remote authenticated users with the permission to access c...
SA-CONTRIB-2013-061 - Flippy - Access Bypass
This module enables you to generate previous/next links for content types. The module doesn't sufficiently enforce node access when generating previous/next links. A user may be presented with a link including alias if one is set but will not be able to view the node content. This vulnerability i...