Vulnerability Description
The printer-friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to nodes that are part of a book outline, which allows remote authenticated users with the "access printer-friendly version" permission to read node titles and possibly node content via unspecified vectors.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Drupal | 6.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/89305
- http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scrip
- http://seclists.org/fulldisclosure/2013/Jan/120
- http://seclists.org/oss-sec/2013/q1/211
- http://secunia.com/advisories/51717 (Vendor Advisory)
- http://www.debian.org/security/2013/dsa-2776
- https://drupal.org/SA-CORE-2013-001 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81380
FAQ
What is CVE-2013-0245?
CVE-2013-0245 is a vulnerability with a CVSS score of 2.1 (LOW). The printer-friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to nodes that are part of a book outline, which allows remo...
How severe is CVE-2013-0245?
CVE-2013-0245 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-0245?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Drupal.