Design/Logic Flaw

2013-12-0720:55:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.9%

JSON

The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal’s token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a block to which the user has access.

CPENameOperatorVersion
contexteq6.x-2.0 beta7
contexteq6.x-2.0 beta2
contexteq6.x-2.0 beta4
contexteq6.x-2.0 rc3
contexteq6.x-2.0 beta6
contexteq6.x-2.0 beta1
contexteq6.x-2.0 rc1
contexteq6.x-2.0 beta3
contexteq6.x-2.0 alpha2
contexteq6.x-2.0 rc2

Name	Operator	Version
context	eq	6.x-2.0 beta7
context	eq	6.x-2.0 beta2
context	eq	6.x-2.0 beta4
context	eq	6.x-2.0 rc3
context	eq	6.x-2.0 beta6
context	eq	6.x-2.0 beta1
context	eq	6.x-2.0 rc1
context	eq	6.x-2.0 beta3
context	eq	6.x-2.0 alpha2
context	eq	6.x-2.0 rc2