CVE-2014-1399

Published: Apr 10, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.

Affected (5)

Products: Entity Api Project: Entity Api · Fedoraproject: Fedora

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Entity Api Project Entity Api	Version 7.x-1.0
Entity Api Project Entity Api	Version 7.x-1.1
Entity Api Project Entity Api	Version 7.x-1.2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 19
Fedoraproject Fedora	Version 20

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (14)

http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html

Source: cve@mitre.org

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2014/01/09/3

Source: cve@mitre.org

Mailing List

http://www.securityfocus.com/bid/64729

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1050802

Source: cve@mitre.org

Issue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/90216

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://www.drupal.org/node/2169595

Source: cve@mitre.org

PatchVendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html