Lucene search

[email protected]CVE-2013-4406

HistoryMay 19, 2014 - 2:55 p.m.

CVE-2013-4406

2014-05-1914:55:07

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-4406

drupal

quick tabs

information security

vulnerability

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.6%

JSON

The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.6 for Drupal does not properly check block permissions, which allows remote attackers to obtain sensitive information by reading a Quick Tab.

Affected configurations

NVD

Node

quick_tabs_module_projectquicktabsMatch6.x-3.0-drupal

quick_tabs_module_projectquicktabsMatch6.x-3.0beta1drupal

quick_tabs_module_projectquicktabsMatch6.x-3.0beta2drupal

quick_tabs_module_projectquicktabsMatch6.x-3.1drupal

quick_tabs_module_projectquicktabsMatch6.x-3.xdevdrupal

Node

quick_tabs_module_projectquicktabsMatch7.x-3.0-drupal

quick_tabs_module_projectquicktabsMatch7.x-3.0alpha1drupal

quick_tabs_module_projectquicktabsMatch7.x-3.0alpha2drupal

quick_tabs_module_projectquicktabsMatch7.x-3.0beta1drupal

quick_tabs_module_projectquicktabsMatch7.x-3.0beta2drupal

quick_tabs_module_projectquicktabsMatch7.x-3.0beta3drupal

quick_tabs_module_projectquicktabsMatch7.x-3.1drupal

quick_tabs_module_projectquicktabsMatch7.x-3.2drupal

quick_tabs_module_projectquicktabsMatch7.x-3.3drupal

quick_tabs_module_projectquicktabsMatch7.x-3.4drupal

quick_tabs_module_projectquicktabsMatch7.x-3.5drupal

quick_tabs_module_projectquicktabsMatch7.x-3.xdevdrupal

Node

quick_tabs_module_projectquicktabsMatch6.x-2.0-drupal

quick_tabs_module_projectquicktabsMatch6.x-2.0rc1drupal

quick_tabs_module_projectquicktabsMatch6.x-2.0rc2drupal

quick_tabs_module_projectquicktabsMatch6.x-2.0rc3drupal

quick_tabs_module_projectquicktabsMatch6.x-2.0rc4drupal

quick_tabs_module_projectquicktabsMatch6.x-2.0rc5drupal

quick_tabs_module_projectquicktabsMatch6.x-2.1drupal

quick_tabs_module_projectquicktabsMatch6.x-2.xdevdrupal

CPENameOperatorVersion
quick_tabs_module_project:quicktabsquick tabs module project quicktabseq6.x-3.0
quick_tabs_module_project:quicktabsquick tabs module project quicktabseq6.x-3.1
quick_tabs_module_project:quicktabsquick tabs module project quicktabseq6.x-3.x

CPE	Name	Operator	Version
quick_tabs_module_project:quicktabs	quick tabs module project quicktabs	eq	6.x-3.0
quick_tabs_module_project:quicktabs	quick tabs module project quicktabs	eq	6.x-3.1
quick_tabs_module_project:quicktabs	quick tabs module project quicktabs	eq	6.x-3.x

References

www.openwall.com/lists/oss-security/2013/10/04/14

www.openwall.com/lists/oss-security/2013/10/05/1

drupal.org/node/2103113

drupal.org/node/2103121

drupal.org/node/2103127

drupal.org/node/2103187

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.6%

JSON

Related for CVE-2013-4406

prion1 cvelist1 nvd1 drupal1