CVE-2008-1731

The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://drupal.org/node/244560	Patch Vendor Advisory
http://secunia.com/advisories/29772	Vendor Advisory
http://www.securityfocus.com/bid/28720	Patch
http://www.osvdb.org/44271
http://www.vupen.com/english/advisories/2008/1184
https://exchange.xforce.ibmcloud.com/vulnerabilities/41756

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:3281d:simple_access:5.x-1.1:::::::*
	cpe:2.3:a:3281d:simple_access:5.x-1.x-dev:::::::*
	cpe:2.3:a:3281d:simple_access:5.x-1.2:::::::*
	cpe:2.3:a:3281d:simple_access:5.x-1.2-1:::::::*
	cpe:2.3:a:3281d:simple_access:5.x-1.0:::::::*
	cpe:2.3:a:3281d:simple_access:5.x-1.0-beta1:::::::*

Information

Published : 2008-04-11 12:05

Updated : 2017-08-07 18:30

NVD link : CVE-2008-1731

Mitre link : CVE-2008-1731

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

3281d

simple_access

drupal

drupal

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://drupal.org/node/244560", "name": "http://drupal.org/node/244560", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/29772", "name": "29772", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/28720", "name": "28720", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://www.osvdb.org/44271", "name": "44271", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2008/1184", "name": "ADV-2008-1184", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41756", "name": "simpleaccess-privacy-info-disclosure(41756)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-1731", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2008-04-11T19:05Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:3281d:simple_access:5.x-1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:3281d:simple_access:5.x-1.x-dev:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:3281d:simple_access:5.x-1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:3281d:simple_access:5.x-1.2-1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:3281d:simple_access:5.x-1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:3281d:simple_access:5.x-1.0-beta1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:30Z"}