4 matches found
CVE-2013-4596
The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing...
CVE-2013-4596
The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing...
CVE-2013-4596
The CVE-2013-4596 entry concerns Drupal’s Node Access Keys module (7.x-1.x) prior to 7.x-1.1. The vulnerability arises from insufficient permission checks, allowing remote attackers to bypass access restrictions via a node listing. Affected version: Node Access Keys 7.x-1.0 (Drupal 7). The issue ...
SA-CONTRIB-2013-089 - Node Access Keys - Access Bypass
Node Access Keys helps to grant users temporary view permissions to selected content types on a per user role basis. However, it only implements hooknodeaccess and not hookqueryalter, which means any listing of nodes does not respect the node view access. CVE identifiers issued CVE-2013-4596...