Vulnerability Description
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher organizations.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Entity Api Project | Entity Api | <= 7.x-1.1 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2013/08/22/2
- https://drupal.org/node/2065197Patch
- https://drupal.org/node/2065207PatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2013/08/22/2
- https://drupal.org/node/2065197Patch
- https://drupal.org/node/2065207PatchVendor Advisory
FAQ
What is CVE-2013-7391?
CVE-2013-7391 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) f...
How severe is CVE-2013-7391?
CVE-2013-7391 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-7391?
Check the references section above for vendor advisories and patch information. Affected products include: Entity Api Project Entity Api.