CVE-2013-0226

The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal does not properly check node restrictions, which allows (1) remote authenticated users with the "view shortcuts" permission to read nodes or (2) remote authenticated users with the "admin shortcuts" permission to read, edit, or delete nodes via unspecified vectors.

CVSS v2.0 6.0 MEDIUM

6.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2013/01/25/4
https://drupal.org/node/1896752
http://www.openwall.com/lists/oss-security/2013/01/25/4
https://drupal.org/node/1896752

Configurations

Configuration 1 (hide)

cpe:2.3:a:zugec_ivan:keyboard_shortcut_utility:7.x-1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:47

Type	Values Removed	Values Added
References	~~() http://www.openwall.com/lists/oss-security/2013/01/25/4 -~~	() http://www.openwall.com/lists/oss-security/2013/01/25/4 -
References	~~() https://drupal.org/node/1896752 -~~	() https://drupal.org/node/1896752 -

Information

Published : 2013-03-19 14:55

Updated : 2024-11-21 01:47

NVD link : CVE-2013-0226

Mitre link : CVE-2013-0226

CVE.ORG link : CVE-2013-0226

JSON object : View

Products Affected

zugec_ivan

keyboard_shortcut_utility

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-0226", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-03-19T14:55:02.690", "references": [{"url": "http://www.openwall.com/lists/oss-security/2013/01/25/4", "source": "secalert@redhat.com"}, {"url": "https://drupal.org/node/1896752", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2013/01/25/4", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://drupal.org/node/1896752", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal does not properly check node restrictions, which allows (1) remote authenticated users with the \"view shortcuts\" permission to read nodes or (2) remote authenticated users with the \"admin shortcuts\" permission to read, edit, or delete nodes via unspecified vectors."}, {"lang": "es", "value": "El m\u00f3dulo Keyboard Shortcut Utility v7.x-1.x anterior a v7.x-1.1 para Drupal no comprueba correctamente las restricciones de nodos, lo que permite (1) a usuarios remotos autenticados con el permiso \"vista de accesos directos\" para leer los nodos o (2) usuarios remotos autenticados con los permisos para leer \"atajos admin\", editar o eliminar nodos a trav\u00e9s de vectores no especificados."}], "lastModified": "2024-11-21T01:47:06.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zugec_ivan:keyboard_shortcut_utility:7.x-1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0D92572-8B48-4709-AAB9-E3801C2079E4"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}