The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser.
References
Link | Resource |
---|---|
https://drupal.org/node/2059589 | Vendor Advisory |
http://www.openwall.com/lists/oss-security/2013/08/10/1 | Mailing List Third Party Advisory |
https://drupal.org/node/2058165 | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-02-18 11:15
Updated : 2020-02-26 08:37
NVD link : CVE-2013-4226
Mitre link : CVE-2013-4226
JSON object : View
CWE
CWE-862
Missing Authorization
Products Affected
drupal
- authenticated_user_page_caching