3 matches found
CVE-2015-3391
CVE-2015-3391 affects the Drupal Path Breadcrumbs module prior to 7.x-3.2. The issue allows remote attackers to bypass access controls and read the 403 page to obtain sensitive node titles. The root cause is improper access restriction checks on 403 Not Found pages. Affected versions are Path Bre...
CVE-2015-3391
The Path Breadcrumbs module before 7.x-3.2 for Drupal allows remote attackers to bypass intended access restrictions and obtain sensitive node titles by reading a 403 Not Found page...
SA-CONTRIB-2015-037 - Path Breadcrumbs - Access Bypass
This module enables you to configure breadcrumbs for any Drupal page. The module doesn't check node access on 403 Not Found pages. As a result, unpublished content data can be shown to unprivileged user. This vulnerability is mitigated by the fact that it is possible to configure proper access...