Search criteria
6 vulnerabilities found for freelinking by freelinking_project
FKIE_CVE-2024-13270
Vulnerability from fkie_nvd - Published: 2025-01-09 20:15 - Updated: 2025-08-27 19:27
Severity ?
Summary
Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.This issue affects Freelinking: from 0.0.0 before 4.0.1.
References
| URL | Tags | ||
|---|---|---|---|
| mlhess@drupal.org | https://www.drupal.org/sa-contrib-2024-034 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freelinking_project | freelinking | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freelinking_project:freelinking:*:*:*:*:*:drupal:*:*",
"matchCriteriaId": "E2EDFA62-FF9A-465B-A9F3-1AF4A876AB3C",
"versionEndExcluding": "4.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.This issue affects Freelinking: from 0.0.0 before 4.0.1."
},
{
"lang": "es",
"value": "La vulnerabilidad de autorizaci\u00f3n incorrecta en Drupal Freelinking permite la navegaci\u00f3n forzada. Este problema afecta a Freelinking: desde 0.0.0 antes de 4.0.1."
}
],
"id": "CVE-2024-13270",
"lastModified": "2025-08-27T19:27:33.153",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-09T20:15:35.790",
"references": [
{
"source": "mlhess@drupal.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-contrib-2024-034"
}
],
"sourceIdentifier": "mlhess@drupal.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "mlhess@drupal.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2014-5179
Vulnerability from fkie_nvd - Published: 2014-08-06 18:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freelinking_for_case_tracker_project | freelinking_for_case_tracker | - | |
| freelinking_project | freelinking | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freelinking_for_case_tracker_project:freelinking_for_case_tracker:-:*:*:*:*:drupal:*:*",
"matchCriteriaId": "FCFD8DE1-DEC4-46E8-A871-012C671F1437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freelinking_project:freelinking:-:*:*:*:*:drupal:*:*",
"matchCriteriaId": "D9ED63C1-EB8D-4F6C-855F-05B8D2ADC3BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link."
},
{
"lang": "es",
"value": "El m\u00f3dulo freelinking para Drupal, utilizado en el m\u00f3dulo Freelinking for Case Tracker, no comprueba debidamente los permisos de acceso para (1) nodos o (2) usuarios, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un enlace manipulado."
}
],
"id": "CVE-2014-5179",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-06T18:55:06.277",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/68861"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94870"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.drupal.org/node/2308503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68861"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.drupal.org/node/2308503"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-13270 (GCVE-0-2024-13270)
Vulnerability from cvelistv5 – Published: 2025-01-09 19:19 – Updated: 2025-01-31 15:39
VLAI?
Title
Freelinking - Moderately critical - Information Disclosure - SA-CONTRIB-2024-034
Summary
Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.This issue affects Freelinking: from 0.0.0 before 4.0.1.
Severity ?
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Drupal | Freelinking |
Affected:
0.0.0 , < 4.0.1
(semver)
|
Credits
Matthew Radcliffe
Matthew Radcliffe
Gisle Hannemyr
Greg Knaddison
Damien McKenna
Juraj Nemec
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13270",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T19:53:59.522268Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T15:39:55.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/freelinking",
"defaultStatus": "unaffected",
"product": "Freelinking",
"repo": "https://git.drupalcode.org/project/freelinking",
"vendor": "Drupal",
"versions": [
{
"lessThan": "4.0.1",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Radcliffe"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Matthew Radcliffe"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Gisle Hannemyr"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison"
},
{
"lang": "en",
"type": "coordinator",
"value": "Damien McKenna"
},
{
"lang": "en",
"type": "coordinator",
"value": "Juraj Nemec"
}
],
"datePublic": "2024-09-04T15:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.\u003cp\u003eThis issue affects Freelinking: from 0.0.0 before 4.0.1.\u003c/p\u003e"
}
],
"value": "Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.This issue affects Freelinking: from 0.0.0 before 4.0.1."
}
],
"impacts": [
{
"capecId": "CAPEC-87",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-87 Forceful Browsing"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:19:19.134Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-034"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Freelinking - Moderately critical - Information Disclosure - SA-CONTRIB-2024-034",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2024-13270",
"datePublished": "2025-01-09T19:19:19.134Z",
"dateReserved": "2025-01-09T18:28:05.650Z",
"dateUpdated": "2025-01-31T15:39:55.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5179 (GCVE-0-2014-5179)
Vulnerability from cvelistv5 – Published: 2014-08-06 18:00 – Updated: 2024-08-06 11:34
VLAI?
Summary
The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "freelinking-drupal-casetracker-sec-bypass(94870)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94870"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2308503"
},
{
"name": "68861",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68861"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "freelinking-drupal-casetracker-sec-bypass(94870)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94870"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2308503"
},
{
"name": "68861",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68861"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "freelinking-drupal-casetracker-sec-bypass(94870)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94870"
},
{
"name": "https://www.drupal.org/node/2308503",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2308503"
},
{
"name": "68861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68861"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5179",
"datePublished": "2014-08-06T18:00:00",
"dateReserved": "2014-08-06T00:00:00",
"dateUpdated": "2024-08-06T11:34:37.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13270 (GCVE-0-2024-13270)
Vulnerability from nvd – Published: 2025-01-09 19:19 – Updated: 2025-01-31 15:39
VLAI?
Title
Freelinking - Moderately critical - Information Disclosure - SA-CONTRIB-2024-034
Summary
Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.This issue affects Freelinking: from 0.0.0 before 4.0.1.
Severity ?
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Drupal | Freelinking |
Affected:
0.0.0 , < 4.0.1
(semver)
|
Credits
Matthew Radcliffe
Matthew Radcliffe
Gisle Hannemyr
Greg Knaddison
Damien McKenna
Juraj Nemec
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13270",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T19:53:59.522268Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T15:39:55.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/freelinking",
"defaultStatus": "unaffected",
"product": "Freelinking",
"repo": "https://git.drupalcode.org/project/freelinking",
"vendor": "Drupal",
"versions": [
{
"lessThan": "4.0.1",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Radcliffe"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Matthew Radcliffe"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Gisle Hannemyr"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison"
},
{
"lang": "en",
"type": "coordinator",
"value": "Damien McKenna"
},
{
"lang": "en",
"type": "coordinator",
"value": "Juraj Nemec"
}
],
"datePublic": "2024-09-04T15:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.\u003cp\u003eThis issue affects Freelinking: from 0.0.0 before 4.0.1.\u003c/p\u003e"
}
],
"value": "Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.This issue affects Freelinking: from 0.0.0 before 4.0.1."
}
],
"impacts": [
{
"capecId": "CAPEC-87",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-87 Forceful Browsing"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:19:19.134Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-034"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Freelinking - Moderately critical - Information Disclosure - SA-CONTRIB-2024-034",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2024-13270",
"datePublished": "2025-01-09T19:19:19.134Z",
"dateReserved": "2025-01-09T18:28:05.650Z",
"dateUpdated": "2025-01-31T15:39:55.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5179 (GCVE-0-2014-5179)
Vulnerability from nvd – Published: 2014-08-06 18:00 – Updated: 2024-08-06 11:34
VLAI?
Summary
The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "freelinking-drupal-casetracker-sec-bypass(94870)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94870"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2308503"
},
{
"name": "68861",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68861"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "freelinking-drupal-casetracker-sec-bypass(94870)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94870"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2308503"
},
{
"name": "68861",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68861"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "freelinking-drupal-casetracker-sec-bypass(94870)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94870"
},
{
"name": "https://www.drupal.org/node/2308503",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2308503"
},
{
"name": "68861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68861"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5179",
"datePublished": "2014-08-06T18:00:00",
"dateReserved": "2014-08-06T00:00:00",
"dateUpdated": "2024-08-06T11:34:37.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}