CVE-2010-4775

The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 for Drupal does not properly implement node access logic, which allows remote attackers to discover restricted node titles and relationships.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://drupal.org/node/974668	Patch
http://drupal.org/node/974672	Patch
http://drupal.org/node/975094	Patch Vendor Advisory
http://osvdb.org/69368
http://secunia.com/advisories/42228	Vendor Advisory
http://www.securityfocus.com/bid/44932
https://exchange.xforce.ibmcloud.com/vulnerabilities/63331

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:nicholas_thompson:relevant_content:5.x-1.0:::::::*
	cpe:2.3:a:nicholas_thompson:relevant_content:5.x-1.1:::::::*
	cpe:2.3:a:nicholas_thompson:relevant_content:5.x-1.2:::::::*
	cpe:2.3:a:nicholas_thompson:relevant_content:5.x-1.3:::::::*
	cpe:2.3:a:nicholas_thompson:relevant_content:5.x-1.x-dev:::::::*
	cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.0:::::::*
	cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.1:::::::*
	cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.2:::::::*
	cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.3:::::::*
	cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.4:::::::*
	cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.x-dev:::::::*

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-03-23 22:00

Updated : 2024-02-28 11:41

NVD link : CVE-2010-4775

Mitre link : CVE-2010-4775

CVE.ORG link : CVE-2010-4775

JSON object : View

Products Affected

nicholas_thompson

relevant_content

drupal

drupal

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2010-4775", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-03-23T22:00:02.167", "references": [{"url": "http://drupal.org/node/974668", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/974672", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/975094", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/69368", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/42228", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/44932", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63331", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 for Drupal does not properly implement node access logic, which allows remote attackers to discover restricted node titles and relationships."}, {"lang": "es", "value": "El m\u00f3dulo Relevant Content v5.x anteriores a v5.x-1.4 y v6.x anteriores a v6.x-1.5 para Drupal no aplica adecuadamente la l\u00f3gica de acceso a nodo, lo que permite a atacantes remotos a descubrir t\u00edtulos de nodos restringidos y relaciones."}], "lastModified": "2017-08-17T01:33:21.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:5.x-1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71F26C65-8ACB-4BDC-A5C6-D10E233F8680"}, {"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:5.x-1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49798E2C-D64A-42E7-A3BD-ACA2A6CAFAA5"}, {"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:5.x-1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A30B0D0F-D90B-4C67-96C1-C7CA3F7625FB"}, {"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:5.x-1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CBBA2FC-A60C-4EAF-A901-7FD06C12C7A3"}, {"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:5.x-1.x-dev:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2922D15-F666-452F-92DB-8CA1948EA05E"}, {"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80EFC284-085B-4887-85E5-ADFCC232BA45"}, {"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0560A41-EE96-44DE-922A-A87F0A81436F"}, {"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBA2CE17-AED5-48D8-B933-A11AB0F56F8E"}, {"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45974BFD-C2DC-46AA-809A-0DDAB86F7A36"}, {"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1973AB3-F994-488F-94D6-6FA39999B29C"}, {"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.x-dev:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99C57CA1-4FFF-487F-94FF-9833D4F605E5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}