CVE-2013-4379 - OpenCVE

The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal
Sebastien Corbin	Make Meeting Scheduler Module

Configuration 1 [-]

AND

OR	cpe:2.3:a:sebastien_corbin:make_meeting_scheduler_module:6.x-1.0:::::::*
	cpe:2.3:a:sebastien_corbin:make_meeting_scheduler_module:6.x-1.1:::::::*
	cpe:2.3:a:sebastien_corbin:make_meeting_scheduler_module:6.x-1.2:::::::*
	cpe:2.3:a:sebastien_corbin:make_meeting_scheduler_module:6.x-1.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/54634
http://www.openwall.com/lists/oss-security/2013/09/27/6
https://drupal.org/node/2081637
https://drupal.org/node/2081647

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-10-09T17:00:00Z

Updated: 2024-09-17T03:18:45.009Z

Reserved: 2013-06-12T00:00:00Z

Link: CVE-2013-4379

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-10-09T17:55:05.160

Modified: 2013-10-10T20:41:52.813

Link: CVE-2013-4379

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-10-09T17:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://drupal.org/node/2081637"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://drupal.org/node/2081647"}, {"name": "54634", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/54634"}, {"name": "[oss-security] 20130927 Re: CVE request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/09/27/6"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4379", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://drupal.org/node/2081637", "refsource": "MISC", "url": "https://drupal.org/node/2081637"}, {"name": "https://drupal.org/node/2081647", "refsource": "CONFIRM", "url": "https://drupal.org/node/2081647"}, {"name": "54634", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54634"}, {"name": "[oss-security] 20130927 Re: CVE request for Drupal contributed modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/09/27/6"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:45:12.728Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drupal.org/node/2081637"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://drupal.org/node/2081647"}, {"name": "54634", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/54634"}, {"name": "[oss-security] 20130927 Re: CVE request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/09/27/6"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4379", "datePublished": "2013-10-09T17:00:00Z", "dateReserved": "2013-06-12T00:00:00Z", "dateUpdated": "2024-09-17T03:18:45.009Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sebastien_corbin:make_meeting_scheduler_module:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8DC7565-41CE-4668-B3DD-581644844FA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sebastien_corbin:make_meeting_scheduler_module:6.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4712A0DF-032B-4358-833B-8E281BF24546", "vulnerable": true}, {"criteria": "cpe:2.3:a:sebastien_corbin:make_meeting_scheduler_module:6.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C44F4ADD-3657-4A94-865A-4D678FA42677", "vulnerable": true}, {"criteria": "cpe:2.3:a:sebastien_corbin:make_meeting_scheduler_module:6.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "853469A8-8A00-416A-9D79-7EAE781CCFDE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL."}, {"lang": "es", "value": "El m\u00f3dulo Make Meeting Scheduler 6.x-1.x anterior a la versi\u00f3n 6.x-1.3 para Drupal permite a atacantes remotos evadir restricciones de acceso de una encuesta a trav\u00e9s de una petici\u00f3n directa a la URL del nodo en lugar the la URL hash."}], "id": "CVE-2013-4379", "lastModified": "2013-10-10T20:41:52.813", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-10-09T17:55:05.160", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/54634"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/09/27/6"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://drupal.org/node/2081637"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://drupal.org/node/2081647"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}