PT-2010-1378 · Drupal · Image Assist
Published
2010-01-04
·
Updated
2017-08-17
·
CVE-2009-4558
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Image Assist module versions 5.x-1.x before 5.x-1.8
Image Assist module versions 5.x-2.x before 2.0-alpha4
Image Assist module versions 6.x-1.x before 6.x-1.1
Image Assist module versions 6.x-2.x before 2.0-alpha4
Image Assist module versions 6.x-3.x-dev before 2009-07-15
Description
The issue allows remote attackers to read the title or body of an arbitrary node via unknown vectors due to improper enforcement of privilege requirements for unspecified pages.
Recommendations
For Image Assist module version 5.x-1.x, update to version 5.x-1.8 or later.
For Image Assist module version 5.x-2.x, update to version 2.0-alpha4 or later.
For Image Assist module version 6.x-1.x, update to version 6.x-1.1 or later.
For Image Assist module version 6.x-2.x, update to version 2.0-alpha4 or later.
For Image Assist module version 6.x-3.x-dev, update to a version released after 2009-07-15.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Image Assist