Access Control Flaw in Talk Module for Drupal
CVE-2008-4153

Currently unrated

Key Information:

Vendor: Drupal
Status: Talk
Vendor: CVE Published:; 24 September 2008

Summary

The Talk module for Drupal prior to versions 5.x-1.3 and 6.x-1.5 contains a security flaw that fails to adequately perform access checks on nodes before showing comments. This oversight allows remote attackers to potentially access sensitive information that should be restricted, thereby compromising data integrity and user privacy.

References

http://secunia.com/advisories/31908

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/45223

vdb-entryx_refsource_XF

http://www.vupen.com/english/advisories/2008/2615

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Sep 24, 2008
Vulnerability Reserved
Sep 19, 2008