The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linkit | Emil_stjerneman | 7.x-2.0 (including) | 7.x-2.0 (including) |
| Linkit | Emil_stjerneman | 7.x-2.0-beta1 (including) | 7.x-2.0-beta1 (including) |
| Linkit | Emil_stjerneman | 7.x-2.0-beta2 (including) | 7.x-2.0-beta2 (including) |
| Linkit | Emil_stjerneman | 7.x-2.1 (including) | 7.x-2.1 (including) |
| Linkit | Emil_stjerneman | 7.x-2.2 (including) | 7.x-2.2 (including) |
| Linkit | Emil_stjerneman | 7.x-2.3 (including) | 7.x-2.3 (including) |
References
- http://drupal.org/node/1547716
- http://drupal.org/node/1547738
- http://secunia.com/advisories/48900
- http://www.openwall.com/lists/oss-security/2012/05/03/1
- http://www.openwall.com/lists/oss-security/2012/05/03/2
- http://www.osvdb.org/81557
- http://www.securityfocus.com/bid/53253
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75183
- http://drupal.org/node/1547716
- http://drupal.org/node/1547738
- http://secunia.com/advisories/48900
- http://www.openwall.com/lists/oss-security/2012/05/03/1
- http://www.openwall.com/lists/oss-security/2012/05/03/2
- http://www.osvdb.org/81557
- http://www.securityfocus.com/bid/53253
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75183