Lucene search

[email protected]NVD:CVE-2013-4445

HistoryDec 07, 2013 - 8:55 p.m.

CVE-2013-4445

2013-12-0720:55:02

CWE-264

[email protected]

web.nvd.nist.gov

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.9%

JSON

The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal’s token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a block to which the user has access.

Affected configurations

NVD

Node

steven_jonescontextMatch6.x-2.0alpha1

steven_jonescontextMatch6.x-2.0alpha2

steven_jonescontextMatch6.x-2.0beta1

steven_jonescontextMatch6.x-2.0beta2

steven_jonescontextMatch6.x-2.0beta3

steven_jonescontextMatch6.x-2.0beta4

steven_jonescontextMatch6.x-2.0beta5

steven_jonescontextMatch6.x-2.0beta6

steven_jonescontextMatch6.x-2.0beta7

steven_jonescontextMatch6.x-2.0rc1

steven_jonescontextMatch6.x-2.0rc2

steven_jonescontextMatch6.x-2.0rc3

steven_jonescontextMatch6.x-3.0

steven_jonescontextMatch6.x-3.0alpha1

steven_jonescontextMatch6.x-3.0alpha2

steven_jonescontextMatch6.x-3.0beta1

steven_jonescontextMatch6.x-3.0beta2

steven_jonescontextMatch6.x-3.0beta3

steven_jonescontextMatch6.x-3.0beta4

steven_jonescontextMatch6.x-3.0beta5

steven_jonescontextMatch6.x-3.0beta6

steven_jonescontextMatch6.x-3.0beta7

steven_jonescontextMatch6.x-3.0beta8

steven_jonescontextMatch6.x-3.0rc1

steven_jonescontextMatch6.x-3.0rc2

steven_jonescontextMatch6.x-3.1

steven_jonescontextMatch6.x-3.xdev

steven_jonescontextMatch7.x-3.0alpha1

steven_jonescontextMatch7.x-3.0alpha2

steven_jonescontextMatch7.x-3.0alpha3

steven_jonescontextMatch7.x-3.0beta1

steven_jonescontextMatch7.x-3.0beta2

steven_jonescontextMatch7.x-3.0beta3

steven_jonescontextMatch7.x-3.0beta4

steven_jonescontextMatch7.x-3.0beta5

steven_jonescontextMatch7.x-3.0beta6

steven_jonescontextMatch7.x-3.0beta7

steven_jonescontextMatch7.x-3.xdev

AND

drupaldrupalMatch-

References

lists.fedoraproject.org/pipermail/package-announce/2013-November/121433.html

lists.fedoraproject.org/pipermail/package-announce/2013-November/122298.html

lists.fedoraproject.org/pipermail/package-announce/2013-November/122308.html

drupal.org/node/2112785

drupal.org/node/2112791

drupal.org/node/2113317

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.9%

JSON

Related for NVD:CVE-2013-4445

cve1 prion1 cvelist1 nessus6 fedora6 openvas8