Lucene search

[email protected]CVE-2008-2771

HistoryJun 18, 2008 - 10:41 p.m.

CVE-2008-2771

2008-06-1822:41:00

CWE-264

[email protected]

web.nvd.nist.gov

drupal

node hierarchy

cve-2008-2771

access checks

remote attackers

security vulnerability

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.1%

JSON

The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with “access content” permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.

Affected configurations

NVD

Node

drupaldrupalMatch5.0

drupaldrupalMatch6.0

drupalnode_hierarchy_moduleMatch5

drupalnode_hierarchy_moduleMatch6

CPENameOperatorVersion
drupal:drupaldrupaleq5.0
drupal:drupaldrupaleq6.0
drupal:node_hierarchy_moduledrupal node hierarchy moduleeq5
drupal:node_hierarchy_moduledrupal node hierarchy moduleeq6

CPE	Name	Operator	Version
drupal:drupal	drupal	eq	5.0
drupal:drupal	drupal	eq	6.0
drupal:node_hierarchy_module	drupal node hierarchy module	eq	5
drupal:node_hierarchy_module	drupal node hierarchy module	eq	6

References

drupal.org/node/269473

secunia.com/advisories/30622

www.securityfocus.com/bid/29675

exchange.xforce.ibmcloud.com/vulnerabilities/43006

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.1%

JSON

Related for CVE-2008-2771

prion1 nvd1 cvelist1