Access Check Bypass in Node Reference Module of Drupal
CVE-2010-2353

Currently unrated

Key Information:

Vendor: Yves Chedemois
Status: Cck
Vendor: CVE Published:; 21 June 2010

🔔 Create Yves Chedemois Vulnerability Alert

What is CVE-2010-2353?

The Node Reference module within Drupal's Content Construction Kit (CCK) versions earlier than 6.x-2.7 lacks proper access checks for its backend URL's source field. This oversight permits remote attackers to potentially retrieve titles and IDs of controlled nodes, which may lead to exposure of sensitive information. Ensuring timely updates and security measures is critical to mitigate the risks associated with this vulnerability.

References

http://osvdb.org/65615

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/40243

third-party-advisoryx_refsource_SECUNIA

http://drupal.org/node/829566

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 21, 2010
Vulnerability Reserved
Jun 21, 2010

CVE-2010-2353 Data

JSON