CVE-2013-1973

{"id": "CVE-2013-1973", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-06-09T19:55:06.943", "references": [{"url": "http://osvdb.org/92532", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/52996", "source": "secalert@redhat.com"}, {"url": "https://drupal.org/node/1971848", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://drupal.org/node/1971856", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://drupal.org/node/1972976", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://osvdb.org/92532", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/52996", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://drupal.org/node/1971848", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://drupal.org/node/1971856", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://drupal.org/node/1972976", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain sensitive field values via unspecified vectors."}, {"lang": "es", "value": "La rellamada de autocompletar en Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) m\u00f3dulo 6.x-1.x anterior a 6.x-1.4 y 7.x-1.x anterior a 7.x-1.0-rc1 no maneja debidamente permisos de nodo, loque permite a usuarios remotos autenticados obtener valores de campos sensibles a trav\u00e9s de vectores no especificados."}], "lastModified": "2024-11-21T01:50:46.553", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:autocomplete_widgets_project:autocomplete_widgets:6.x-1.0:-:-:*:-:drupal:*:*", "vulnerable": true, "matchCriteriaId": "CF645DF0-F227-40EE-B24F-033B819ADC69"}, {"criteria": "cpe:2.3:a:autocomplete_widgets_project:autocomplete_widgets:6.x-1.1:-:-:*:-:drupal:*:*", "vulnerable": true, "matchCriteriaId": "C1B5073B-4061-4BA0-B46D-FFDDCFDD8B31"}, {"criteria": "cpe:2.3:a:autocomplete_widgets_project:autocomplete_widgets:6.x-1.2:-:-:*:-:drupal:*:*", "vulnerable": true, "matchCriteriaId": "54B02DEF-7CAD-4C3F-92A7-8CB1620AC29F"}, {"criteria": "cpe:2.3:a:autocomplete_widgets_project:autocomplete_widgets:6.x-1.3:-:-:*:-:drupal:*:*", "vulnerable": true, "matchCriteriaId": "46BB3A14-7F20-4859-914D-D09BDD22904E"}, {"criteria": "cpe:2.3:a:autocomplete_widgets_project:autocomplete_widgets:7.x-1.x:alpha1:-:*:-:drupal:*:*", "vulnerable": true, "matchCriteriaId": "A0D12F8C-E107-4942-B8A1-3E3F8316B3C8"}, {"criteria": "cpe:2.3:a:autocomplete_widgets_project:autocomplete_widgets:7.x-1.x:beta1:-:*:-:drupal:*:*", "vulnerable": true, "matchCriteriaId": "84AEC576-1854-454B-9873-81AD1435B13D"}, {"criteria": "cpe:2.3:a:autocomplete_widgets_project:autocomplete_widgets:7.x-1.x:beta2:-:*:-:drupal:*:*", "vulnerable": true, "matchCriteriaId": "49BFB7EC-A679-4E51-B878-9EBE2ED0FDC4"}, {"criteria": "cpe:2.3:a:autocomplete_widgets_project:autocomplete_widgets:7.x-1.x:dev:-:*:-:drupal:*:*", "vulnerable": true, "matchCriteriaId": "14680478-F0BB-452E-9AB0-441633DDB8E2"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}