All the vulnerabilites related to drupal - node_hierarchy_module
Vulnerability from fkie_nvd
Published
2008-06-18 22:41
Modified
2024-11-21 00:47
Severity ?
Summary
The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| drupal | drupal | 5.0 | |
| drupal | drupal | 6.0 | |
| drupal | node_hierarchy_module | 5 | |
| drupal | node_hierarchy_module | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDBE79A6-5762-4A7C-8FDA-C11FFFDCFC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE07AAD-9207-4C5F-A108-7F7753E4F48C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:node_hierarchy_module:5:*:*:*:*:*:*:*",
"matchCriteriaId": "A90F9A0D-BD18-4E25-A5C1-58FAA916C659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:node_hierarchy_module:6:*:*:*:*:*:*:*",
"matchCriteriaId": "FD9CA485-B2C8-43F8-8053-A0EC8772E9BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with \"access content\" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors."
},
{
"lang": "es",
"value": "El m\u00f3dulo Node Hierarchy 5.x anterior a 5.x-1.1 y 6.x anteriores a 6.x-1.0 para Drupal no implementa adecuadamente los controles de acceso, lo que permite a atacantes remotos con permiso de \"acceso al contenido\", evitar las restricciones y modificar la jerarqu\u00eda a trav\u00e9s de vectores de ataque indeterminados.\r\n"
}
],
"id": "CVE-2008-2771",
"lastModified": "2024-11-21T00:47:39.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-06-18T22:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/269473"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30622"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/29675"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/269473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/29675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43006"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2008-2771
Vulnerability from cvelistv5
Published
2008-06-18 22:00
Modified
2024-08-07 09:14
Severity ?
EPSS score ?
Summary
The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/30622 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43006 | vdb-entry, x_refsource_XF | |
| http://drupal.org/node/269473 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/29675 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:14:14.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30622"
},
{
"name": "node-hierarchy-access-security-bypass(43006)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/269473"
},
{
"name": "29675",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29675"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with \"access content\" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30622"
},
{
"name": "node-hierarchy-access-security-bypass(43006)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/269473"
},
{
"name": "29675",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29675"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with \"access content\" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30622"
},
{
"name": "node-hierarchy-access-security-bypass(43006)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43006"
},
{
"name": "http://drupal.org/node/269473",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/269473"
},
{
"name": "29675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29675"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2771",
"datePublished": "2008-06-18T22:00:00",
"dateReserved": "2008-06-18T00:00:00",
"dateUpdated": "2024-08-07T09:14:14.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}