Lucene search

[email protected]CVE-2008-6169

HistoryFeb 19, 2009 - 3:30 p.m.

CVE-2008-6169

2009-02-1915:30:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2008-6169

cross-site request forgery

csrf

localization client

localization server

drupal

unauthorized actions

administrators

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.5%

JSON

Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and 6.x before 6.x-1.6 and the Localization server 5.x before 5.x-1.0-alpha5 and 6.x before 6.x-alpha2, modules for Drupal, allows remote attackers to perform unauthorized actions as administrators via unspecified vectors related to the “local translation submission interface.”

Affected configurations

NVD

Node

drupallocalization_clientRange≤5.x-1.0

drupallocalization_clientRange≤6.x-1.5

drupallocalization_clientMatch5.x-1.xdev

drupallocalization_clientMatch6.x-1.0

drupallocalization_clientMatch6.x-1.1

drupallocalization_clientMatch6.x-1.2

drupallocalization_clientMatch6.x-1.3

drupallocalization_clientMatch6.x-1.4

drupallocalization_clientMatch6.x-1.xdev

drupallocalization_serverRange≤5.x-1.0alpha4

drupallocalization_serverRange≤6.x-1.0alpha1

drupallocalization_serverMatch5.x-1.0alpha1

drupallocalization_serverMatch5.x-1.0alpha2

drupallocalization_serverMatch5.x-1.0alpha3

drupallocalization_serverMatch5.x-1.xdev

drupallocalization_serverMatch6.x-1.xdev

CPENameOperatorVersion
drupal:localization_clientdrupal localization clientle5.x-1.0
drupal:localization_clientdrupal localization clientle6.x-1.5
drupal:localization_clientdrupal localization clienteq5.x-1.xdev
drupal:localization_clientdrupal localization clienteq6.x-1.0
drupal:localization_clientdrupal localization clienteq6.x-1.1
drupal:localization_clientdrupal localization clienteq6.x-1.2
drupal:localization_clientdrupal localization clienteq6.x-1.3
drupal:localization_clientdrupal localization clienteq6.x-1.4
drupal:localization_clientdrupal localization clienteq6.x-1.xdev
drupal:localization_serverdrupal localization serverle5.x-1.0alpha4

CPE	Name	Operator	Version
drupal:localization_client	drupal localization client	le	5.x-1.0
drupal:localization_client	drupal localization client	le	6.x-1.5
drupal:localization_client	drupal localization client	eq	5.x-1.xdev
drupal:localization_client	drupal localization client	eq	6.x-1.0
drupal:localization_client	drupal localization client	eq	6.x-1.1
drupal:localization_client	drupal localization client	eq	6.x-1.2
drupal:localization_client	drupal localization client	eq	6.x-1.3
drupal:localization_client	drupal localization client	eq	6.x-1.4
drupal:localization_client	drupal localization client	eq	6.x-1.xdev
drupal:localization_server	drupal localization server	le	5.x-1.0alpha4

Rows per page:

1-10 of 161

References

drupal.org/node/324862

secunia.com/advisories/32388

exchange.xforce.ibmcloud.com/vulnerabilities/46044

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.5%

JSON

Related for CVE-2008-6169

nvd1 prion1 cvelist1