The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Drupal | Drupal | 7.0 (including) | 7.0 (including) |
| Drupal | Drupal | 7.0-alpha1 (including) | 7.0-alpha1 (including) |
| Drupal | Drupal | 7.0-alpha2 (including) | 7.0-alpha2 (including) |
| Drupal | Drupal | 7.0-alpha3 (including) | 7.0-alpha3 (including) |
| Drupal | Drupal | 7.0-alpha4 (including) | 7.0-alpha4 (including) |
| Drupal | Drupal | 7.0-alpha5 (including) | 7.0-alpha5 (including) |
| Drupal | Drupal | 7.0-alpha6 (including) | 7.0-alpha6 (including) |
| Drupal | Drupal | 7.0-alpha7 (including) | 7.0-alpha7 (including) |
| Drupal | Drupal | 7.0-beta1 (including) | 7.0-beta1 (including) |
| Drupal | Drupal | 7.0-beta2 (including) | 7.0-beta2 (including) |
| Drupal | Drupal | 7.0-beta3 (including) | 7.0-beta3 (including) |
| Drupal | Drupal | 7.0-dev (including) | 7.0-dev (including) |
| Drupal | Drupal | 7.0-rc1 (including) | 7.0-rc1 (including) |
| Drupal | Drupal | 7.0-rc2 (including) | 7.0-rc2 (including) |
| Drupal | Drupal | 7.0-rc3 (including) | 7.0-rc3 (including) |
| Drupal | Drupal | 7.0-rc4 (including) | 7.0-rc4 (including) |
| Drupal | Drupal | 7.1 (including) | 7.1 (including) |
| Drupal | Drupal | 7.2 (including) | 7.2 (including) |
| Drupal | Drupal | 7.10 (including) | 7.10 (including) |
| Drupal | Drupal | 7.11 (including) | 7.11 (including) |
| Drupal | Drupal | 7.12 (including) | 7.12 (including) |
| Drupal | Drupal | 7.13 (including) | 7.13 (including) |
| Drupal | Drupal | 7.14 (including) | 7.14 (including) |
| Drupal | Drupal | 7.15 (including) | 7.15 (including) |
| Drupal | Drupal | 7.16 (including) | 7.16 (including) |
| Drupal | Drupal | 7.17 (including) | 7.17 (including) |
| Drupal | Drupal | 7.18 (including) | 7.18 (including) |
| Drupal | Drupal | 7.19 (including) | 7.19 (including) |
| Drupal | Drupal | 7.20 (including) | 7.20 (including) |
| Drupal | Drupal | 7.21 (including) | 7.21 (including) |
| Drupal | Drupal | 7.22 (including) | 7.22 (including) |
| Drupal | Drupal | 7.23 (including) | 7.23 (including) |
| Drupal | Drupal | 7.24 (including) | 7.24 (including) |
| Drupal7 | Ubuntu | precise | * |
| Drupal7 | Ubuntu | quantal | * |
| Drupal7 | Ubuntu | raring | * |
| Drupal7 | Ubuntu | saucy | * |
| Drupal7 | Ubuntu | upstream | * |
References
- http://secunia.com/advisories/56260
- http://www.debian.org/security/2014/dsa-2847
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:031
- http://www.securityfocus.com/bid/64973
- https://drupal.org/SA-CORE-2014-001
- http://secunia.com/advisories/56260
- http://www.debian.org/security/2014/dsa-2847
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:031
- http://www.securityfocus.com/bid/64973
- https://drupal.org/SA-CORE-2014-001