Access Control Bypass in Project Issue Tracking for Drupal
CVE-2007-0506

Currently unrated

Key Information:

Vendor: Drupal
CVE Published: 26 January 2007

Summary

The Project issue tracking module for Drupal, versions 4.7.0 through 5.x before January 23, 2007, contains an access control flaw in the project_issue_access function. Remote authenticated users can bypass access restrictions and read attached files by guessing their filenames. They can also obtain issue-related information through direct requests, which exposes sensitive data stored in the project management system.
