CVE-2013-0245
2.1 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:S/C:P/I:N/A:N
6 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.7%
The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to node that are part of a book outline, which allows remote authenticated users with the “access printer-friendly version” permission to read node titles and possibly node content via unspecified vectors.
Affected configurations
References
osvdb.org/89305
packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html
seclists.org/fulldisclosure/2013/Jan/120
seclists.org/oss-sec/2013/q1/211
secunia.com/advisories/51717
www.debian.org/security/2013/dsa-2776
drupal.org/SA-CORE-2013-001
exchange.xforce.ibmcloud.com/vulnerabilities/81380
Related
2.1 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:S/C:P/I:N/A:N
6 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.7%