Описание
The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspecified impact via unknown vectors.
Ссылки
- Patch
- PatchVendor Advisory
- Patch
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:storage_api_project:storage_api:7.x-1.0:*:*:*:*:drupal:*:*
cpe:2.3:a:storage_api_project:storage_api:7.x-1.1:*:*:*:*:drupal:*:*
cpe:2.3:a:storage_api_project:storage_api:7.x-1.2:*:*:*:*:drupal:*:*
cpe:2.3:a:storage_api_project:storage_api:7.x-1.3:*:*:*:*:drupal:*:*
cpe:2.3:a:storage_api_project:storage_api:7.x-1.4:*:*:*:*:drupal:*:*
cpe:2.3:a:storage_api_project:storage_api:7.x-1.5:*:*:*:*:drupal:*:*
cpe:2.3:a:storage_api_project:storage_api:7.x-1.6:*:*:*:*:drupal:*:*
cpe:2.3:a:storage_api_project:storage_api:7.x-1.7:*:*:*:*:drupal:*:*
EPSS
Процентиль: 70%
0.00647
Низкий
7.5 High
CVSS2
Дефекты
CWE-284
Связанные уязвимости
github
около 3 лет назад
The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspecified impact via unknown vectors.
EPSS
Процентиль: 70%
0.00647
Низкий
7.5 High
CVSS2
Дефекты
CWE-284