Vulnerability Description
The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal does not properly check node restrictions, which allows (1) remote authenticated users with the "view shortcuts" permission to read nodes or (2) remote authenticated users with the "admin shortcuts" permission to read, edit, or delete nodes via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zugec Ivan | Keyboard Shortcut Utility | 7.x-1.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2013/01/25/4
- https://drupal.org/node/1896752
- http://www.openwall.com/lists/oss-security/2013/01/25/4
- https://drupal.org/node/1896752
FAQ
What is CVE-2013-0226?
CVE-2013-0226 is a vulnerability with a CVSS score of 6.0 (MEDIUM). The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal does not properly check node restrictions, which allows (1) remote authenticated users with the "view shortcuts" permission to re...
How severe is CVE-2013-0226?
CVE-2013-0226 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0226?
Check the references section above for vendor advisories and patch information. Affected products include: Zugec Ivan Keyboard Shortcut Utility.