Vulnerability CVE-2008-1731


Published: 2008-04-11   Modified: 2012-02-12

Description:
The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
3281d -> Simple access 

 References:
http://www.securityfocus.com/bid/28720
http://drupal.org/node/244560
http://xforce.iss.net/xforce/xfdb/41756
http://www.vupen.com/english/advisories/2008/1184
http://www.osvdb.org/44271
http://secunia.com/advisories/29772

Copyright 2024, cxsecurity.com

 

Back to Top