← Back

CVE-2013-1925

nvd nist
Published: Jul 16, 2013Modified: Apr 29, 2026

JSON object

Loading...
3.5
Vector
AV:N/AC:M/Au:S/C:P/I:N/A:N
Exploitability: 6.8 / Impact: 2.9
Source: NVD

Description

The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list.

Affected (11)

Chaos Tool Suite Project
1 product
Ctools
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Ctools
Version 7.x-1.0
Ctools
Version 7.x-1.0 alpha1
Ctools
Version 7.x-1.0 alpha2
Ctools
Version 7.x-1.0 alpha3
Ctools
Version 7.x-1.0 alpha4
Ctools
Version 7.x-1.0 beta1
Ctools
Version 7.x-1.0 rc1
Ctools
Version 7.x-1.0 rc2
Ctools
Version 7.x-1.1
Ctools
Version 7.x-1.2
Ctools
Version 7.x-1.x dev

Related CWEs

CWE-264
CWE-264

References (12)

Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
PatchVendor Advisory
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.