PT-2014-2524 · Drupal · Autocomplete Widgets For Text/Number Fields
Publicado
2014-06-09
·
Atualizado
2014-06-24
·
CVE-2013-1973
CVSS v2.0
4.0
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Autocomplete Widgets for Text and Number Fields (autocomplete widgets) module versions 6.x-1.x before 6.x-1.4
Autocomplete Widgets for Text and Number Fields (autocomplete widgets) module versions 7.x-1.x before 7.x-1.0-rc1
Description
The issue concerns the autocomplete callback in the Autocomplete Widgets for Text and Number Fields module, which does not properly handle node permissions. This allows remote authenticated users to obtain sensitive field values.
Recommendations
For Autocomplete Widgets for Text and Number Fields (autocomplete widgets) module version 6.x-1.x, update to version 6.x-1.4 or later.
For Autocomplete Widgets for Text and Number Fields (autocomplete widgets) module version 7.x-1.x, update to version 7.x-1.0-rc1 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Autocomplete Widgets For Text/Number Fields