CVE-2010-4775 - OpenCVE

The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 for Drupal does not properly implement node access logic, which allows remote attackers to discover restricted node titles and relationships.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Nicholas Thompson	Relevant Content
Drupal	Drupal

Configuration 1 [-]

AND

OR	cpe:2.3:a:nicholas_thompson:relevant_content:5.x-1.0:::::::*
	cpe:2.3:a:nicholas_thompson:relevant_content:5.x-1.1:::::::*
	cpe:2.3:a:nicholas_thompson:relevant_content:5.x-1.2:::::::*
	cpe:2.3:a:nicholas_thompson:relevant_content:5.x-1.3:::::::*
	cpe:2.3:a:nicholas_thompson:relevant_content:5.x-1.x-dev:::::::*
	cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.0:::::::*
	cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.1:::::::*
	cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.2:::::::*
	cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.3:::::::*
	cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.4:::::::*
	cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.x-dev:::::::*

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

References

Link	Resource
http://drupal.org/node/974668	Patch
http://drupal.org/node/974672	Patch
http://drupal.org/node/975094	Patch Vendor Advisory
http://osvdb.org/69368
http://secunia.com/advisories/42228	Vendor Advisory
http://www.securityfocus.com/bid/44932
https://exchange.xforce.ibmcloud.com/vulnerabilities/63331

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2011-03-23T21:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2011-03-23T00:00:00

Link: CVE-2010-4775

JSON object: View

NVD Information

Status : Modified

Published: 2011-03-23T22:00:02.167

Modified: 2017-08-17T01:33:21.540

Link: CVE-2010-4775

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-11-17T00:00:00", "descriptions": [{"lang": "en", "value": "The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 for Drupal does not properly implement node access logic, which allows remote attackers to discover restricted node titles and relationships."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/975094"}, {"name": "relevantcontent-nodeaccess-info-disc(63331)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63331"}, {"name": "69368", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/69368"}, {"name": "42228", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42228"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/974668"}, {"name": "44932", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/44932"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/974672"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4775", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 for Drupal does not properly implement node access logic, which allows remote attackers to discover restricted node titles and relationships."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://drupal.org/node/975094", "refsource": "CONFIRM", "url": "http://drupal.org/node/975094"}, {"name": "relevantcontent-nodeaccess-info-disc(63331)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63331"}, {"name": "69368", "refsource": "OSVDB", "url": "http://osvdb.org/69368"}, {"name": "42228", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42228"}, {"name": "http://drupal.org/node/974668", "refsource": "CONFIRM", "url": "http://drupal.org/node/974668"}, {"name": "44932", "refsource": "BID", "url": "http://www.securityfocus.com/bid/44932"}, {"name": "http://drupal.org/node/974672", "refsource": "CONFIRM", "url": "http://drupal.org/node/974672"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4775", "datePublished": "2011-03-23T21:00:00", "dateReserved": "2011-03-23T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:5.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "71F26C65-8ACB-4BDC-A5C6-D10E233F8680", "vulnerable": true}, {"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:5.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "49798E2C-D64A-42E7-A3BD-ACA2A6CAFAA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:5.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A30B0D0F-D90B-4C67-96C1-C7CA3F7625FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:5.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "9CBBA2FC-A60C-4EAF-A901-7FD06C12C7A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:5.x-1.x-dev:*:*:*:*:*:*:*", "matchCriteriaId": "D2922D15-F666-452F-92DB-8CA1948EA05E", "vulnerable": true}, {"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "80EFC284-085B-4887-85E5-ADFCC232BA45", "vulnerable": true}, {"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D0560A41-EE96-44DE-922A-A87F0A81436F", "vulnerable": true}, {"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "CBA2CE17-AED5-48D8-B933-A11AB0F56F8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "45974BFD-C2DC-46AA-809A-0DDAB86F7A36", "vulnerable": true}, {"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E1973AB3-F994-488F-94D6-6FA39999B29C", "vulnerable": true}, {"criteria": "cpe:2.3:a:nicholas_thompson:relevant_content:6.x-1.x-dev:*:*:*:*:*:*:*", "matchCriteriaId": "99C57CA1-4FFF-487F-94FF-9833D4F605E5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 for Drupal does not properly implement node access logic, which allows remote attackers to discover restricted node titles and relationships."}, {"lang": "es", "value": "El m\u00f3dulo Relevant Content v5.x anteriores a v5.x-1.4 y v6.x anteriores a v6.x-1.5 para Drupal no aplica adecuadamente la l\u00f3gica de acceso a nodo, lo que permite a atacantes remotos a descubrir t\u00edtulos de nodos restringidos y relaciones."}], "id": "CVE-2010-4775", "lastModified": "2017-08-17T01:33:21.540", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-03-23T22:00:02.167", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://drupal.org/node/974668"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://drupal.org/node/974672"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/975094"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/69368"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42228"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/44932"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63331"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}