All the vulnerabilites related to quade - edit_limit
Vulnerability from fkie_nvd
Published
2013-07-16 18:55
Modified
2024-11-21 01:51
Severity ?
Summary
The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| quade | edit_limit | 7.x-1.0 | |
| quade | edit_limit | 7.x-1.0 | |
| quade | edit_limit | 7.x-1.0 | |
| quade | edit_limit | 7.x-1.0 | |
| quade | edit_limit | 7.x-1.0 | |
| quade | edit_limit | 7.x-1.1 | |
| quade | edit_limit | 7.x-1.2 | |
| quade | edit_limit | 7.x-1.x | |
| drupal | drupal | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quade:edit_limit:7.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38BC0267-91AE-40F6-9B95-793DA675956D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:quade:edit_limit:7.x-1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "DB6A1161-CF99-4421-AD73-7BAB6AA3B60A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:quade:edit_limit:7.x-1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "4B26B8F8-D6B9-466D-BDF0-55A104BF1614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:quade:edit_limit:7.x-1.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C72A8F6E-F949-47FB-AF6A-FF42B18FCDB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:quade:edit_limit:7.x-1.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "87779D72-190B-4A38-8B1D-0507965F616B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:quade:edit_limit:7.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB23F27-D97C-49EA-99C9-C8010C1B2D00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:quade:edit_limit:7.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A8F886-A3EC-4075-A04C-BB8AD9E4F678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:quade:edit_limit:7.x-1.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "EFDBDD60-27FC-4664-A25E-D0BABF1E9E37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the \"edit comments\" permission to edit arbitrary comments of other users via unspecified vectors."
},
{
"lang": "es",
"value": "El m\u00f3dulo Edit Limit v7.x-1.x anterior a v7.x-1.3 para Drupal no restringe adecuadamente el acceso a los comentarios, permitiendo a usuarios remotos autenticados con los permisos \"edit comments\" editar los comentarios arbitrarias de otros usuarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-2122",
"lastModified": "2024-11-21T01:51:04.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-16T18:55:01.340",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/93725"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2013/May/208"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53556"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/05/29/9"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/60209"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://drupal.org/node/2006188"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://drupal.org/node/2007048"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/93725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2013/May/208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/05/29/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/60209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://drupal.org/node/2006188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://drupal.org/node/2007048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84630"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2013-2122
Vulnerability from cvelistv5
Published
2013-07-16 18:00
Modified
2024-08-06 15:27
Severity ?
EPSS score ?
Summary
The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://drupal.org/node/2007048 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2013/May/208 | mailing-list, x_refsource_FULLDISC | |
| http://www.openwall.com/lists/oss-security/2013/05/29/9 | mailing-list, x_refsource_MLIST | |
| https://drupal.org/node/2006188 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84630 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/93725 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/60209 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/53556 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:40.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2007048"
},
{
"name": "20130529 [Security-news] SA-CONTRIB-2013-048 - Edit Limit - Access Bypass",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/May/208"
},
{
"name": "[oss-security] 20130529 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/05/29/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2006188"
},
{
"name": "drupal-editlimit-cve20132122-security-bypass(84630)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84630"
},
{
"name": "93725",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/93725"
},
{
"name": "60209",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/60209"
},
{
"name": "53556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53556"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the \"edit comments\" permission to edit arbitrary comments of other users via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2007048"
},
{
"name": "20130529 [Security-news] SA-CONTRIB-2013-048 - Edit Limit - Access Bypass",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/May/208"
},
{
"name": "[oss-security] 20130529 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/05/29/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2006188"
},
{
"name": "drupal-editlimit-cve20132122-security-bypass(84630)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84630"
},
{
"name": "93725",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/93725"
},
{
"name": "60209",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/60209"
},
{
"name": "53556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53556"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the \"edit comments\" permission to edit arbitrary comments of other users via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drupal.org/node/2007048",
"refsource": "MISC",
"url": "https://drupal.org/node/2007048"
},
{
"name": "20130529 [Security-news] SA-CONTRIB-2013-048 - Edit Limit - Access Bypass",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/May/208"
},
{
"name": "[oss-security] 20130529 Re: CVE request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/05/29/9"
},
{
"name": "https://drupal.org/node/2006188",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2006188"
},
{
"name": "drupal-editlimit-cve20132122-security-bypass(84630)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84630"
},
{
"name": "93725",
"refsource": "OSVDB",
"url": "http://osvdb.org/93725"
},
{
"name": "60209",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60209"
},
{
"name": "53556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53556"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2122",
"datePublished": "2013-07-16T18:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:27:40.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}