CVE-2013-7066

The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private nodes titles by leveraging edit permissions to a node that references a private node.

Affected Software

Name	Vendor	Start Version	End Version
Entityreference	Entity_reference_project	7.x-1.0 (including)	7.x-1.0 (including)
Entityreference	Entity_reference_project	7.x-1.0-alpha1 (including)	7.x-1.0-alpha1 (including)
Entityreference	Entity_reference_project	7.x-1.0-alpha2 (including)	7.x-1.0-alpha2 (including)
Entityreference	Entity_reference_project	7.x-1.0-beta1 (including)	7.x-1.0-beta1 (including)
Entityreference	Entity_reference_project	7.x-1.0-beta2 (including)	7.x-1.0-beta2 (including)
Entityreference	Entity_reference_project	7.x-1.0-beta3 (including)	7.x-1.0-beta3 (including)
Entityreference	Entity_reference_project	7.x-1.0-beta4 (including)	7.x-1.0-beta4 (including)
Entityreference	Entity_reference_project	7.x-1.0-beta5 (including)	7.x-1.0-beta5 (including)
Entityreference	Entity_reference_project	7.x-1.0-rc1 (including)	7.x-1.0-rc1 (including)
Entityreference	Entity_reference_project	7.x-1.0-rc2 (including)	7.x-1.0-rc2 (including)
Entityreference	Entity_reference_project	7.x-1.0-rc3 (including)	7.x-1.0-rc3 (including)
Entityreference	Entity_reference_project	7.x-1.0-rc4 (including)	7.x-1.0-rc4 (including)
Entityreference	Entity_reference_project	7.x-1.0-rc5 (including)	7.x-1.0-rc5 (including)
Entityreference	Entity_reference_project	7.x-1.x-dev (including)	7.x-1.x-dev (including)
Drupal6	Ubuntu	lucid	*
Drupal6	Ubuntu	precise	*
Drupal6	Ubuntu	quantal	*
Drupal6	Ubuntu	raring	*
Drupal7	Ubuntu	precise	*
Drupal7	Ubuntu	quantal	*
Drupal7	Ubuntu	raring	*
Drupal7	Ubuntu	saucy	*
Drupal7	Ubuntu	utopic	*
Drupal7	Ubuntu	vivid	*
Drupal7	Ubuntu	wily	*
Drupal7	Ubuntu	yakkety	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-7066
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References