Vulnerability Description
The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chaos Tool Suite Project | Ctools | 7.x-1.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/91986
- http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-B
- http://seclists.org/fulldisclosure/2013/Apr/8
- https://drupal.org/node/1960406 (Patch, Vendor Advisory)
- https://drupal.org/node/1960424 (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83254
FAQ
What is CVE-2013-1925?
CVE-2013-1925 is a vulnerability with a CVSS score of 3.5 (LOW). The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read rest...
How severe is CVE-2013-1925?
CVE-2013-1925 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-1925?
Check the references section above for vendor advisories and patch information. Affected products include: Chaos Tool Suite Project Ctools.