CVE-2014-1476

Sažetak

The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page.

Reference

http://secunia.com/advisories/56260
http://www.debian.org/security/2014/dsa-2847
http://www.mandriva.com/security/advisories?name=MDVSA-2014:031
http://www.securityfocus.com/bid/64973
https://drupal.org/SA-CORE-2014-001

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

21-02-2014 - 05:06

Objavljeno

24-01-2014 - 18:55