CVE Vulnerabilities

CVE-2013-4445

Published: Dec 07, 2013 | Modified: Dec 09, 2013
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.9 MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupals token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a block to which the user has access.

Affected Software

Name Vendor Start Version End Version
Context Steven_jones 6.x-2.0 6.x-2.0
Context Steven_jones 6.x-2.0 6.x-2.0
Context Steven_jones 6.x-2.0 6.x-2.0
Context Steven_jones 6.x-2.0 6.x-2.0
Context Steven_jones 6.x-2.0 6.x-2.0
Context Steven_jones 6.x-2.0 6.x-2.0
Context Steven_jones 6.x-2.0 6.x-2.0
Context Steven_jones 6.x-2.0 6.x-2.0
Context Steven_jones 6.x-2.0 6.x-2.0
Context Steven_jones 6.x-2.0 6.x-2.0
Context Steven_jones 6.x-2.0 6.x-2.0
Context Steven_jones 6.x-2.0 6.x-2.0
Context Steven_jones 6.x-3.0 6.x-3.0
Context Steven_jones 6.x-3.0 6.x-3.0
Context Steven_jones 6.x-3.0 6.x-3.0
Context Steven_jones 6.x-3.0 6.x-3.0
Context Steven_jones 6.x-3.0 6.x-3.0
Context Steven_jones 6.x-3.0 6.x-3.0
Context Steven_jones 6.x-3.0 6.x-3.0
Context Steven_jones 6.x-3.0 6.x-3.0
Context Steven_jones 6.x-3.0 6.x-3.0
Context Steven_jones 6.x-3.0 6.x-3.0
Context Steven_jones 6.x-3.0 6.x-3.0
Context Steven_jones 6.x-3.0 6.x-3.0
Context Steven_jones 6.x-3.0 6.x-3.0
Context Steven_jones 6.x-3.1 6.x-3.1
Context Steven_jones 6.x-3.x 6.x-3.x
Context Steven_jones 7.x-3.0 7.x-3.0
Context Steven_jones 7.x-3.0 7.x-3.0
Context Steven_jones 7.x-3.0 7.x-3.0
Context Steven_jones 7.x-3.0 7.x-3.0
Context Steven_jones 7.x-3.0 7.x-3.0
Context Steven_jones 7.x-3.0 7.x-3.0
Context Steven_jones 7.x-3.0 7.x-3.0
Context Steven_jones 7.x-3.0 7.x-3.0
Context Steven_jones 7.x-3.0 7.x-3.0
Context Steven_jones 7.x-3.0 7.x-3.0
Context Steven_jones 7.x-3.x 7.x-3.x

References