CVE-2008-1731 - OpenCVE

The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
3281d	Simple Access
Drupal	Drupal

Configuration 1 [-]

AND

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:3281d:simple_access:5.x-1.0:::::::*
	cpe:2.3:a:3281d:simple_access:5.x-1.0-beta1:::::::*
	cpe:2.3:a:3281d:simple_access:5.x-1.1:::::::*
	cpe:2.3:a:3281d:simple_access:5.x-1.2:::::::*
	cpe:2.3:a:3281d:simple_access:5.x-1.2-1:::::::*
	cpe:2.3:a:3281d:simple_access:5.x-1.x-dev:::::::*

References

Link	Resource
http://drupal.org/node/244560	Patch Vendor Advisory
http://secunia.com/advisories/29772	Vendor Advisory
http://www.osvdb.org/44271
http://www.securityfocus.com/bid/28720	Patch
http://www.vupen.com/english/advisories/2008/1184
https://exchange.xforce.ibmcloud.com/vulnerabilities/41756

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-04-11T19:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-04-11T00:00:00

Link: CVE-2008-1731

JSON object: View

NVD Information

Status : Modified

Published: 2008-04-11T19:05:00.000

Modified: 2017-08-08T01:30:24.480

Link: CVE-2008-1731

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-09T00:00:00", "descriptions": [{"lang": "en", "value": "The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2008-1184", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1184"}, {"name": "44271", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/44271"}, {"name": "28720", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28720"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/244560"}, {"name": "29772", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29772"}, {"name": "simpleaccess-privacy-info-disclosure(41756)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41756"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1731", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-1184", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1184"}, {"name": "44271", "refsource": "OSVDB", "url": "http://www.osvdb.org/44271"}, {"name": "28720", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28720"}, {"name": "http://drupal.org/node/244560", "refsource": "CONFIRM", "url": "http://drupal.org/node/244560"}, {"name": "29772", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29772"}, {"name": "simpleaccess-privacy-info-disclosure(41756)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41756"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1731", "datePublished": "2008-04-11T19:00:00", "dateReserved": "2008-04-11T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:3281d:simple_access:5.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4E84BCC-0B05-418C-AD25-05F78BB0478D", "vulnerable": true}, {"criteria": "cpe:2.3:a:3281d:simple_access:5.x-1.0-beta1:*:*:*:*:*:*:*", "matchCriteriaId": "818BB0AA-B912-4803-8AF5-D4C5955000DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:3281d:simple_access:5.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A635AF8A-DFC8-44BE-8A86-57DE9C737A41", "vulnerable": true}, {"criteria": "cpe:2.3:a:3281d:simple_access:5.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9C21AE6A-99E1-4924-AE65-6A3335DD9379", "vulnerable": true}, {"criteria": "cpe:2.3:a:3281d:simple_access:5.x-1.2-1:*:*:*:*:*:*:*", "matchCriteriaId": "C511D19B-0F49-42F9-B952-19ED5C1BCFF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:3281d:simple_access:5.x-1.x-dev:*:*:*:*:*:*:*", "matchCriteriaId": "17A405C7-9FE3-46FA-82E4-79F543106F90", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking."}, {"lang": "es", "value": "El m\u00f3dulo de Acceso Simple para Drupal 5.x a 5.x-1.2-2 no manipula adecuadamente la informaci\u00f3n privada para nodos, que podr\u00eda permitir a atacantes remotos evitar las restricciones de acceso planeadas, y leer o modificar nodos, en circunstancias oportunas relacionadas con la interacci\u00f3n entre Acceso Simple y (1) Node clone o (2) asuntos de seguimiento de Proyecto."}], "id": "CVE-2008-1731", "lastModified": "2017-08-08T01:30:24.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-04-11T19:05:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/244560"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29772"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/44271"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/28720"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1184"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41756"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}