CVE-2008-1731 - OpenCVE

The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
3281d	Simple Access
Drupal	Drupal

Configuration 1 [-]

AND

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:3281d:simple_access:5.x-1.0:::::::*
	cpe:2.3:a:3281d:simple_access:5.x-1.0-beta1:::::::*
	cpe:2.3:a:3281d:simple_access:5.x-1.1:::::::*
	cpe:2.3:a:3281d:simple_access:5.x-1.2:::::::*
	cpe:2.3:a:3281d:simple_access:5.x-1.2-1:::::::*
	cpe:2.3:a:3281d:simple_access:5.x-1.x-dev:::::::*

No data.

References

Link	Providers
http://drupal.org/node/244560
http://secunia.com/advisories/29772
http://www.osvdb.org/44271
http://www.securityfocus.com/bid/28720
http://www.vupen.com/english/advisories/2008/1184
https://exchange.xforce.ibmcloud.com/vulnerabilities/41756

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-04-11T19:00:00

Updated: 2024-08-07T08:32:01.293Z

Reserved: 2008-04-11T00:00:00

Link: CVE-2008-1731

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-04-11T19:05:00.000

Modified: 2017-08-08T01:30:24.480

Link: CVE-2008-1731

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-09T00:00:00", "descriptions": [{"lang": "en", "value": "The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2008-1184", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1184"}, {"name": "44271", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/44271"}, {"name": "28720", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28720"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/244560"}, {"name": "29772", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29772"}, {"name": "simpleaccess-privacy-info-disclosure(41756)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41756"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1731", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-1184", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1184"}, {"name": "44271", "refsource": "OSVDB", "url": "http://www.osvdb.org/44271"}, {"name": "28720", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28720"}, {"name": "http://drupal.org/node/244560", "refsource": "CONFIRM", "url": "http://drupal.org/node/244560"}, {"name": "29772", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29772"}, {"name": "simpleaccess-privacy-info-disclosure(41756)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41756"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:32:01.293Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2008-1184", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1184"}, {"name": "44271", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/44271"}, {"name": "28720", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28720"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/244560"}, {"name": "29772", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29772"}, {"name": "simpleaccess-privacy-info-disclosure(41756)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41756"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1731", "datePublished": "2008-04-11T19:00:00", "dateReserved": "2008-04-11T00:00:00", "dateUpdated": "2024-08-07T08:32:01.293Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:3281d:simple_access:5.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4E84BCC-0B05-418C-AD25-05F78BB0478D", "vulnerable": true}, {"criteria": "cpe:2.3:a:3281d:simple_access:5.x-1.0-beta1:*:*:*:*:*:*:*", "matchCriteriaId": "818BB0AA-B912-4803-8AF5-D4C5955000DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:3281d:simple_access:5.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A635AF8A-DFC8-44BE-8A86-57DE9C737A41", "vulnerable": true}, {"criteria": "cpe:2.3:a:3281d:simple_access:5.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9C21AE6A-99E1-4924-AE65-6A3335DD9379", "vulnerable": true}, {"criteria": "cpe:2.3:a:3281d:simple_access:5.x-1.2-1:*:*:*:*:*:*:*", "matchCriteriaId": "C511D19B-0F49-42F9-B952-19ED5C1BCFF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:3281d:simple_access:5.x-1.x-dev:*:*:*:*:*:*:*", "matchCriteriaId": "17A405C7-9FE3-46FA-82E4-79F543106F90", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking."}, {"lang": "es", "value": "El m\u00f3dulo de Acceso Simple para Drupal 5.x a 5.x-1.2-2 no manipula adecuadamente la informaci\u00f3n privada para nodos, que podr\u00eda permitir a atacantes remotos evitar las restricciones de acceso planeadas, y leer o modificar nodos, en circunstancias oportunas relacionadas con la interacci\u00f3n entre Acceso Simple y (1) Node clone o (2) asuntos de seguimiento de Proyecto."}], "id": "CVE-2008-1731", "lastModified": "2017-08-08T01:30:24.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-04-11T19:05:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/244560"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29772"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/44271"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/28720"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1184"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41756"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}