Vulnerability Description
The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freelinking For Case Tracker Project | Freelinking For Case Tracker | - |
| Freelinking Project | Freelinking | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/68861
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94870
- https://www.drupal.org/node/2308503Vendor Advisory
- http://www.securityfocus.com/bid/68861
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94870
- https://www.drupal.org/node/2308503Vendor Advisory
FAQ
What is CVE-2014-5179?
CVE-2014-5179 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain se...
How severe is CVE-2014-5179?
CVE-2014-5179 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5179?
Check the references section above for vendor advisories and patch information. Affected products include: Freelinking For Case Tracker Project Freelinking For Case Tracker, Freelinking Project Freelinking.