CVE-2013-2123

Опубликовано: 28 авг. 2013

Источник: nvd

CVSS2: 5.8

EPSS Низкий

Описание

The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attackers to modify the content via unspecified vectors.

Ссылки

http://www.openwall.com/lists/oss-security/2013/05/29/9
https://drupal.org/node/2007072
Patch
https://drupal.org/node/2007078
Patch
https://drupal.org/node/2007122
Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/05/29/9
https://drupal.org/node/2007072
Patch
https://drupal.org/node/2007078
Patch
https://drupal.org/node/2007122
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:6.x-3.0:*:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:6.x-3.0:rc1:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:6.x-3.0:rc2:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:6.x-3.0:rc3:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:6.x-3.0:rc4:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:6.x-3.0:rc5:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:6.x-3.0:rc6:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:6.x-3.1:*:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:6.x-3.2:*:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:6.x-3.3:*:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:6.x-3.4:*:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:6.x-3.x:dev:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:7.x-3.0:*:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:7.x-3.0:rc1:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:7.x-3.0:rc2:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:7.x-3.0:rc3:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:7.x-3.0:rc4:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:7.x-3.0:rc5:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:7.x-3.1:*:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:7.x-3.2:*:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:7.x-3.3:*:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:7.x-3.4:*:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:7.x-3.5:*:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:7.x-3.6:*:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:7.x-3.7:*:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:7.x-3.8:*:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:7.x-3.9:*:*:*:*:*:*:*

cpe:2.3:a:node_access_user_reference_project:nodeaccess_userreference_module:7.x-3.x:dev:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00548

Низкий

5.8 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-x42v-g6h6-346r

github

около 3 лет назад