CVE-2008-0275

{"id": "CVE-2008-0275", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-01-15T20:00:00.000", "references": [{"url": "http://drupal.org/node/208527", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39607", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote attackers to gain access to syndicated content."}, {"lang": "es", "value": "El Atom 4.7 anterior a 4.7.x-1.0 y 5.x anterior al m\u00f3dulo 5.x-1.0 para Drupal no maneja de forma adecuada los permisos para los nodos (1) titles, (2) teasers, y (3) bodies, el cual podr\u00eda permitir a atacantes remotos ganar privilegios de acceso en el contenido sindicado."}], "lastModified": "2017-08-08T01:29:27.070", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:atom_module:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32212177-C230-4E43-BEAD-57215D5EB5E6", "versionEndIncluding": "4.7"}, {"criteria": "cpe:2.3:a:drupal:atom_module:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C63555FB-6BAE-4280-BF7B-BA4DA734DE0C", "versionEndIncluding": "5.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}