Lucene search

[email protected]CVE-2010-2352

HistoryJun 21, 2010 - 7:30 p.m.

CVE-2010-2352

2010-06-2119:30:02

CWE-20

[email protected]

web.nvd.nist.gov

cve-2010-2352

node reference

cck module

drupal

access checks

remote attackers

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.8%

JSON

The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes.

Affected configurations

NVD

Node

karen_stevensoncckMatch5.x-1.0beta

karen_stevensoncckMatch5.x-1.1

karen_stevensoncckMatch5.x-1.2

karen_stevensoncckMatch5.x-1.3

karen_stevensoncckMatch5.x-1.7

karen_stevensoncckMatch5.x-1.xdev

karen_stevensoncckMatch6.x-2.0

karen_stevensoncckMatch6.x-2.0beta

karen_stevensoncckMatch6.x-2.0rc10

karen_stevensoncckMatch6.x-2.0rc2

karen_stevensoncckMatch6.x-2.0rc3

karen_stevensoncckMatch6.x-2.0rc4

karen_stevensoncckMatch6.x-2.0rc5

karen_stevensoncckMatch6.x-2.0rc6

karen_stevensoncckMatch6.x-2.0rc7

karen_stevensoncckMatch6.x-2.0rc8

karen_stevensoncckMatch6.x-2.0rc9

karen_stevensoncckMatch6.x-2.1

karen_stevensoncckMatch6.x-2.2

karen_stevensoncckMatch6.x-2.3

karen_stevensoncckMatch6.x-2.4

karen_stevensoncckMatch6.x-2.5

karen_stevensoncckMatch6.x-2.6

yves_chedemoiscckMatch5.x-1.4

yves_chedemoiscckMatch5.x-1.5

yves_chedemoiscckMatch5.x-1.6

yves_chedemoiscckMatch5.x-1.6-1

yves_chedemoiscckMatch5.x-1.8

yves_chedemoiscckMatch5.x-1.9

yves_chedemoiscckMatch5.x-1.10

AND

drupaldrupal

CPENameOperatorVersion
karen_stevenson:cckkaren stevenson cckeq5.x-1.0
karen_stevenson:cckkaren stevenson cckeq5.x-1.1
karen_stevenson:cckkaren stevenson cckeq5.x-1.2
karen_stevenson:cckkaren stevenson cckeq5.x-1.3
karen_stevenson:cckkaren stevenson cckeq5.x-1.7
karen_stevenson:cckkaren stevenson cckeq5.x-1.x
karen_stevenson:cckkaren stevenson cckeq6.x-2.0
karen_stevenson:cckkaren stevenson cckeq6.x-2.1
karen_stevenson:cckkaren stevenson cckeq6.x-2.2
karen_stevenson:cckkaren stevenson cckeq6.x-2.3

CPE	Name	Operator	Version
karen_stevenson:cck	karen stevenson cck	eq	5.x-1.0
karen_stevenson:cck	karen stevenson cck	eq	5.x-1.1
karen_stevenson:cck	karen stevenson cck	eq	5.x-1.2
karen_stevenson:cck	karen stevenson cck	eq	5.x-1.3
karen_stevenson:cck	karen stevenson cck	eq	5.x-1.7
karen_stevenson:cck	karen stevenson cck	eq	5.x-1.x
karen_stevenson:cck	karen stevenson cck	eq	6.x-2.0
karen_stevenson:cck	karen stevenson cck	eq	6.x-2.1
karen_stevenson:cck	karen stevenson cck	eq	6.x-2.2
karen_stevenson:cck	karen stevenson cck	eq	6.x-2.3

Rows per page:

1-10 of 201

References

drupal.org/node/829566

lists.fedoraproject.org/pipermail/package-announce/2010-June/043100.html

lists.fedoraproject.org/pipermail/package-announce/2010-June/043172.html

lists.fedoraproject.org/pipermail/package-announce/2010-June/043191.html

osvdb.org/65615

secunia.com/advisories/40243

secunia.com/advisories/40318

www.vupen.com/english/advisories/2010/1546

exchange.xforce.ibmcloud.com/vulnerabilities/59515

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.8%

JSON

Related for CVE-2010-2352

prion1 nvd1 cvelist1 nessus3