CVE-2008-1731

Sažetak

The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking.

Reference

http://drupal.org/node/244560
http://secunia.com/advisories/29772
http://www.osvdb.org/44271
http://www.securityfocus.com/bid/28720
http://www.vupen.com/english/advisories/2008/1184
https://exchange.xforce.ibmcloud.com/vulnerabilities/41756

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-08-2017 - 01:30

Objavljeno

11-04-2008 - 19:05