Lucene search
HistoryJan 24, 2014 - 6:55 p.m.
CVE-2014-1476
taxonomy
drupal
cve-2014-1476
security
information disclosure
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
5.5 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
56.3%
The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page.
Affected configurations
Node
drupaldrupalMatch7.0
ORdrupaldrupalMatch7.0alpha1
ORdrupaldrupalMatch7.0alpha2
ORdrupaldrupalMatch7.0alpha3
ORdrupaldrupalMatch7.0alpha4
ORdrupaldrupalMatch7.0alpha5
ORdrupaldrupalMatch7.0alpha6
ORdrupaldrupalMatch7.0alpha7
ORdrupaldrupalMatch7.0beta1
ORdrupaldrupalMatch7.0beta2
ORdrupaldrupalMatch7.0beta3
ORdrupaldrupalMatch7.0dev
ORdrupaldrupalMatch7.0rc1
ORdrupaldrupalMatch7.0rc2
ORdrupaldrupalMatch7.0rc3
ORdrupaldrupalMatch7.0rc4
ORdrupaldrupalMatch7.1
ORdrupaldrupalMatch7.2
ORdrupaldrupalMatch7.10
ORdrupaldrupalMatch7.11
ORdrupaldrupalMatch7.12
ORdrupaldrupalMatch7.13
ORdrupaldrupalMatch7.14
ORdrupaldrupalMatch7.15
ORdrupaldrupalMatch7.16
ORdrupaldrupalMatch7.17
ORdrupaldrupalMatch7.18
ORdrupaldrupalMatch7.19
ORdrupaldrupalMatch7.20
ORdrupaldrupalMatch7.21
ORdrupaldrupalMatch7.22
ORdrupaldrupalMatch7.23
ORdrupaldrupalMatch7.24
Related
ubuntucve
ubuntucve
CVE-2014-1476
2014-01-24 00:00:00
cvelist
cvelist
CVE-2014-1476
2014-01-24 18:00:00
debiancve
debiancve
CVE-2014-1476
2014-01-24 18:55:00
prion
prion
Code injection
2014-01-24 18:55:00
nvd
nvd
CVE-2014-1476
2014-01-24 18:55:05
nessus
nessus
Mandriva Linux Security Advisory : drupal (MDVSA-2014:031)
2014-02-16 00:00:00
Debian DSA-2847-1 : drupal7 - several vulnerabilities
2014-01-21 00:00:00
Drupal 7.x < 7.26 Multiple Vulnerabilities
2014-01-23 00:00:00
debian
debian
[SECURITY] [DSA 2847-1] drupal7 security update
2014-01-20 22:40:29
[SECURITY] [DSA 2847-1] drupal7 security update
2014-01-20 22:40:29
securityvulns
securityvulns
[SECURITY] [DSA 2847-1] drupal7 security update
2014-02-03 00:00:00
openvas
openvas
Debian Security Advisory DSA 2847-1 (drupal7 - several vulnerabilities)
2014-01-20 00:00:00
Debian: Security Advisory (DSA-2847-1)
2014-01-19 00:00:00
Mageia: Security Advisory (MGASA-2014-0031)
2022-01-28 00:00:00
mageia
mageia
Updated drupal package fixes security vulnerabilities
2014-01-31 20:43:58
drupal
drupal
SA-CORE-2014-001 - Drupal core - Multiple vulnerabilities
2014-01-15 00:00:00
osv
osv
drupal7 - several
2014-01-20 00:00:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
5.5 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
56.3%
Related for CVE-2014-1476