{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-07-23T00:00:00", "descriptions": [{"lang": "en", "value": "The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "freelinking-drupal-casetracker-sec-bypass(94870)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94870"}, {"tags": ["x_refsource_MISC"], "url": "https://www.drupal.org/node/2308503"}, {"name": "68861", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68861"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5179", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "freelinking-drupal-casetracker-sec-bypass(94870)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94870"}, {"name": "https://www.drupal.org/node/2308503", "refsource": "MISC", "url": "https://www.drupal.org/node/2308503"}, {"name": "68861", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68861"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:34:37.531Z"}, "title": "CVE Program Container", "references": [{"name": "freelinking-drupal-casetracker-sec-bypass(94870)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94870"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.drupal.org/node/2308503"}, {"name": "68861", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/68861"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-5179", "datePublished": "2014-08-06T18:00:00", "dateReserved": "2014-08-06T00:00:00", "dateUpdated": "2024-08-06T11:34:37.531Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freelinking_for_case_tracker_project:freelinking_for_case_tracker:-:*:*:*:*:drupal:*:*", "matchCriteriaId": "FCFD8DE1-DEC4-46E8-A871-012C671F1437", "vulnerable": true}, {"criteria": "cpe:2.3:a:freelinking_project:freelinking:-:*:*:*:*:drupal:*:*", "matchCriteriaId": "D9ED63C1-EB8D-4F6C-855F-05B8D2ADC3BF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link."}, {"lang": "es", "value": "El m\u00f3dulo freelinking para Drupal, utilizado en el m\u00f3dulo Freelinking for Case Tracker, no comprueba debidamente los permisos de acceso para (1) nodos o (2) usuarios, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un enlace manipulado."}], "id": "CVE-2014-5179", "lastModified": "2017-09-08T01:29:04.260", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-08-06T18:55:06.277", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/68861"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94870"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.drupal.org/node/2308503"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}