Access bypass in Drupal - CVE-2014-1476
Published: September 15, 2016
Vulnerability identifier: #VU451
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2014-1476
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Drupal
Affected software:
Drupal
Drupal
Detailed vulnerability description
The vulnerability allows a remote user to read a potentially sensitive data.
The weakness exists due to emersion of unpublished content in the lists of Taxonomy or Custom modules that opens data for users not allowed to see it before.
Successful exploitation of the vulnerability may allow attackers to get potentially sensitive data.
The weakness exists due to emersion of unpublished content in the lists of Taxonomy or Custom modules that opens data for users not allowed to see it before.
Successful exploitation of the vulnerability may allow attackers to get potentially sensitive data.