Vulnerability Details : CVE-2013-4597
The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
Products affected by CVE-2013-4597
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta8:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta10:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.x:*:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.x:dev:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.2:*:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.1:*:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:alpha5:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:alpha4:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:alpha3:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta11:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta9:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.4:*:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.3:*:*:*:*:*:*:*
- cpe:2.3:a:rik_de_boer:revisioning:7.x-1.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-4597
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 46 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-4597
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2013-4597
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4597
-
https://drupal.org/node/2135257
SA-CONTRIB-2013-090 - Revisioning - Access Bypass | Drupal.orgVendor Advisory
-
http://seclists.org/oss-sec/2013/q4/317
oss-sec: Re: CVE request for Drupal contributed modules
-
https://drupal.org/node/2133555
Access to this page has been denied.Patch
Jump to