PT-2013-5019 · Drupal · Context

Published: 2013-12-07 · Updated: 2013-12-09 · CVE-2013-4445

CVSS v2.0: 4.9 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Context module versions 6.x-2.x through 6.x-3.1
Context module versions 7.x-3.x through 7.x-2.x

Description

The JSON rendering functionality in the Context module for Drupal uses Drupal's token scheme to restrict access to blocks. This makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a block to which the user has access.

Recommendations

For Context module versions 6.x-2.x through 6.x-3.1, update to version 6.x-3.2 or later.
For Context module versions 7.x-3.x through 7.x-2.x, update to version 7.x-3.0 or later.

Related Identifiers

CVE-2013-4445

Affected Products

Context