Описание
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-1398
- https://bugzilla.redhat.com/show_bug.cgi?id=1050802
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90215
- https://www.drupal.org/node/2169595
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html
- http://www.openwall.com/lists/oss-security/2014/01/09/3
- http://www.securityfocus.com/bid/64729
Связанные уязвимости
CVSS3: 6.5
nvd
почти 8 лет назад
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.