Access bypass in Drupal - #VU521
Published: September 19, 2016
Vulnerability identifier: #VU521
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Drupal
Affected software:
Drupal
Drupal
Detailed vulnerability description
The vulnerability allows a remote user without permission to access potentially sensitive information.
The weakness exists due to flaws in Content Translation module functionality that allows users to obtain unpublished nodes they couldn't view before.
Successful exploitation of the vulnerability may end up with getting access to potentially sensitive data.
The weakness exists due to flaws in Content Translation module functionality that allows users to obtain unpublished nodes they couldn't view before.
Successful exploitation of the vulnerability may end up with getting access to potentially sensitive data.