CVE-2009-3782 - OpenCVE

Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Drupal	Drupal
2bits	Userpoints

Configuration 1 [-]

AND

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:2bits:userpoints:6.x-1.0:::::::*
	cpe:2.3:a:2bits:userpoints:6.x-1.x-dev:::::::*

References

Link	Resource
http://drupal.org/node/610818	Patch Vendor Advisory
http://drupal.org/node/610828	Patch Vendor Advisory
http://osvdb.org/59124
http://secunia.com/advisories/37123	Vendor Advisory
http://www.securityfocus.com/bid/36786	Patch
http://www.vupen.com/english/advisories/2009/2998	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/53896

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-10-26T17:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2009-10-26T00:00:00

Link: CVE-2009-3782

JSON object: View

NVD Information

Status : Modified

Published: 2009-10-26T17:30:00.453

Modified: 2017-08-17T01:31:16.397

Link: CVE-2009-3782

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-10-21T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with \"View own userpoints\" permissions to read the userpoint data of arbitrary users via unknown attack vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "37123", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37123"}, {"name": "userpoints-userpoint-information-disclosure(53896)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53896"}, {"name": "36786", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36786"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/610828"}, {"name": "59124", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/59124"}, {"name": "ADV-2009-2998", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/2998"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/610818"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3782", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with \"View own userpoints\" permissions to read the userpoint data of arbitrary users via unknown attack vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "37123", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37123"}, {"name": "userpoints-userpoint-information-disclosure(53896)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53896"}, {"name": "36786", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36786"}, {"name": "http://drupal.org/node/610828", "refsource": "CONFIRM", "url": "http://drupal.org/node/610828"}, {"name": "59124", "refsource": "OSVDB", "url": "http://osvdb.org/59124"}, {"name": "ADV-2009-2998", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2998"}, {"name": "http://drupal.org/node/610818", "refsource": "CONFIRM", "url": "http://drupal.org/node/610818"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3782", "datePublished": "2009-10-26T17:00:00", "dateReserved": "2009-10-26T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:2bits:userpoints:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D003179B-E321-467C-962E-9D57DEBB2EF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:2bits:userpoints:6.x-1.x-dev:*:*:*:*:*:*:*", "matchCriteriaId": "47E44176-5E7E-4BA3-B6C5-32932BE70691", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with \"View own userpoints\" permissions to read the userpoint data of arbitrary users via unknown attack vectors."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el m\u00f3dulo para drupal Userpoints v6.x anteriores a 6.x-1.1, permite a usuarios remotos autenticado, con permisos \"View own userpoints\", leer los datos de puntos de usuario de usuarios de su elecci\u00f3n a trav\u00e9s de vectores de ataque desconocidos.\r\n"}], "id": "CVE-2009-3782", "lastModified": "2017-08-17T01:31:16.397", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-10-26T17:30:00.453", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/610818"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/610828"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/59124"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37123"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/36786"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/2998"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53896"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}