Vulnerability Description
The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Flippy Project | Flippy | >= 7.x-1.0, <= 7.x-1.2 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2013/08/01/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2013/08/10/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2013/08/10/4Mailing ListThird Party Advisory
- https://drupal.org/node/2050827Third Party Advisory
- https://drupal.org/node/2054701Third Party Advisory
- http://www.openwall.com/lists/oss-security/2013/08/01/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2013/08/10/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2013/08/10/4Mailing ListThird Party Advisory
- https://drupal.org/node/2050827Third Party Advisory
- https://drupal.org/node/2054701Third Party Advisory
FAQ
What is CVE-2013-4187?
CVE-2013-4187 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to...
How severe is CVE-2013-4187?
CVE-2013-4187 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4187?
Check the references section above for vendor advisories and patch information. Affected products include: Flippy Project Flippy.