2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2013-4445" ,
"sourceIdentifier" : "secalert@redhat.com" ,
"published" : "2013-12-07T20:55:02.350" ,
2024-11-22 19:15:24 +00:00
"lastModified" : "2024-11-21T01:55:34.967" ,
"vulnStatus" : "Modified" ,
2024-12-08 03:06:42 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a block to which the user has access."
} ,
{
"lang" : "es" ,
"value" : "La funcionalidad de renderizaci\u00f3n de json en el m\u00f3dulo Context 6.x-2.x anteriores a 6.x-3.2 y 7.x-3.x anteriores a 7.x-3.0 para Drupal utiliza el esquema de tokens de Drupal para restringir el acceso a bloques, lo cual facilita a usuarios autenticados remotamente adivinar el token de acceso para un bloque aprovechando el token de un bloque al cual el usuario tiene acceso."
}
] ,
"metrics" : {
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:M/Au:S/C:P/I:P/A:N" ,
2024-11-22 19:15:24 +00:00
"baseScore" : 4.9 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "MEDIUM" ,
"authentication" : "SINGLE" ,
"confidentialityImpact" : "PARTIAL" ,
"integrityImpact" : "PARTIAL" ,
2024-11-22 19:15:24 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 6.8 ,
"impactScore" : 4.9 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-264"
}
]
}
] ,
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-2.0:alpha1:*:*:*:*:*:*" ,
"matchCriteriaId" : "A5502A2B-D8D1-4BC9-8902-C9F9A8C2AF6F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-2.0:alpha2:*:*:*:*:*:*" ,
"matchCriteriaId" : "2B2438DF-817D-46D4-885D-CF6052BF4166"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-2.0:beta1:*:*:*:*:*:*" ,
"matchCriteriaId" : "FBF39898-9E79-4B1C-BC00-B37CCA30088B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-2.0:beta2:*:*:*:*:*:*" ,
"matchCriteriaId" : "3BA71873-1CCC-4447-8C98-31FDA002AAEA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-2.0:beta3:*:*:*:*:*:*" ,
"matchCriteriaId" : "7DFE54DF-B6F2-4ECF-9283-DA3836D1DDAB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-2.0:beta4:*:*:*:*:*:*" ,
"matchCriteriaId" : "4274C682-9E48-432D-9CA2-5CDB054864DD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-2.0:beta5:*:*:*:*:*:*" ,
"matchCriteriaId" : "EBBBDCEA-521C-46D1-9A35-2EA3234A3E6A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-2.0:beta6:*:*:*:*:*:*" ,
"matchCriteriaId" : "68C704EE-E219-453C-BFE5-2B1E607B588A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-2.0:beta7:*:*:*:*:*:*" ,
"matchCriteriaId" : "26EA9E05-CE12-4D64-A766-ED60D20C3923"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-2.0:rc1:*:*:*:*:*:*" ,
"matchCriteriaId" : "903398AF-285F-4255-95B7-3FE4270AECF1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-2.0:rc2:*:*:*:*:*:*" ,
"matchCriteriaId" : "F892763E-1C37-46D9-9DE3-3FC73F11F628"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-2.0:rc3:*:*:*:*:*:*" ,
"matchCriteriaId" : "EA264F98-0DE6-4B10-B0F4-B560A6C91D1B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-3.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9D86EDBB-DCFA-4D50-99DB-8ACF1ACF66EA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-3.0:alpha1:*:*:*:*:*:*" ,
"matchCriteriaId" : "EBF14829-B6B3-4877-958E-2AC0C9CD181C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-3.0:alpha2:*:*:*:*:*:*" ,
"matchCriteriaId" : "6E92FBFA-798C-4F62-BFDE-4FCC4F96444A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-3.0:beta1:*:*:*:*:*:*" ,
"matchCriteriaId" : "0F8BB94F-5BC4-407B-92BF-EB12DB73C56A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-3.0:beta2:*:*:*:*:*:*" ,
"matchCriteriaId" : "ABEE4DD6-6B08-4ED4-A83D-CBA80876A471"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-3.0:beta3:*:*:*:*:*:*" ,
"matchCriteriaId" : "939DE81A-B5CB-4DDE-BC0A-91AB98EB0F33"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-3.0:beta4:*:*:*:*:*:*" ,
"matchCriteriaId" : "AE4F00D3-9E8A-4252-B89A-86DF14152CFD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-3.0:beta5:*:*:*:*:*:*" ,
"matchCriteriaId" : "C4F9F796-E4E3-41E8-9116-39818B2F0560"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-3.0:beta6:*:*:*:*:*:*" ,
"matchCriteriaId" : "F6940D10-57DE-4DA6-B74D-3BF557887B77"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-3.0:beta7:*:*:*:*:*:*" ,
"matchCriteriaId" : "048EC726-6508-4660-8C3C-8A9D44C33FEA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-3.0:beta8:*:*:*:*:*:*" ,
"matchCriteriaId" : "866D9923-EB35-450B-847E-EE4E7F2512CA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-3.0:rc1:*:*:*:*:*:*" ,
"matchCriteriaId" : "40277B77-BF40-452C-B5E6-4EC603C1D939"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-3.0:rc2:*:*:*:*:*:*" ,
"matchCriteriaId" : "A2BE52A3-4D15-4F57-AA4D-DF6EEAE9AD6B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-3.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2223B9D6-4FF5-49E2-A962-C919225E23F5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:6.x-3.x:dev:*:*:*:*:*:*" ,
"matchCriteriaId" : "AB8C63F8-2BA6-44CD-82F7-C97E95D9CDCC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:7.x-3.0:alpha1:*:*:*:*:*:*" ,
"matchCriteriaId" : "5408D146-CFED-4566-90D0-521789B9D491"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:7.x-3.0:alpha2:*:*:*:*:*:*" ,
"matchCriteriaId" : "F614AFDF-29FA-4E5B-9FC7-85A3EA70405D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:7.x-3.0:alpha3:*:*:*:*:*:*" ,
"matchCriteriaId" : "D3A5E0DB-594C-463A-BF78-55C0C658F156"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:7.x-3.0:beta1:*:*:*:*:*:*" ,
"matchCriteriaId" : "FA0E624D-E541-4F8A-A3C1-7EDCEA909AE6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:7.x-3.0:beta2:*:*:*:*:*:*" ,
"matchCriteriaId" : "C7944EE0-1B4A-4604-931E-C2B656B0A160"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:7.x-3.0:beta3:*:*:*:*:*:*" ,
"matchCriteriaId" : "41454A9D-59CC-480B-A47D-3E4FB090A9F0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:7.x-3.0:beta4:*:*:*:*:*:*" ,
"matchCriteriaId" : "B2012981-AFDD-49EF-83BA-6C7A906A0E85"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:7.x-3.0:beta5:*:*:*:*:*:*" ,
"matchCriteriaId" : "F93CC5BA-E98C-44CB-96E9-35793967A5AA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:7.x-3.0:beta6:*:*:*:*:*:*" ,
"matchCriteriaId" : "704732A4-AF57-4D12-AFE5-C503C84550F7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:7.x-3.0:beta7:*:*:*:*:*:*" ,
"matchCriteriaId" : "3A1C4CCE-000D-40A7-8EB6-88C29429F28F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:steven_jones:context:7.x-3.x:dev:*:*:*:*:*:*" ,
"matchCriteriaId" : "7B5A5504-DD90-47A1-BB7F-5B9648ABA097"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F8B1170D-AD33-4C7A-892D-63AC71B032CF"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121433.html" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122298.html" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122308.html" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://drupal.org/node/2112785" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Patch"
]
} ,
{
"url" : "https://drupal.org/node/2112791" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Patch"
]
} ,
{
"url" : "https://drupal.org/node/2113317" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
2024-11-22 19:15:24 +00:00
} ,
{
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121433.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122298.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122308.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://drupal.org/node/2112785" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch"
]
} ,
{
"url" : "https://drupal.org/node/2112791" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch"
]
} ,
{
"url" : "https://drupal.org/node/2113317" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
2023-04-24 12:24:31 +02:00
}
]
}
