CVE-2009-1507

Published May 1, 2009

Last updated 16 years ago

Overview

Description: The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:5.x-1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "258146DF-AE15-409C-BE70-725982EA136C"
          },
          {
            "criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:5.x-1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1007E9C-8634-4A8E-8A36-5F337F766BD6"
          },
          {
            "criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:5.x-1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30D3C011-FEBF-4435-8F9D-19B5187D090F"
          },
          {
            "criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:5.x-1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B92368BC-20A6-42B5-889D-53AB1BA028B8"
          },
          {
            "criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:5.x-1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17D553E7-8EBB-4EAC-A9F3-E1524F7AA154"
          },
          {
            "criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:5.x-2.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EAF88146-F2AB-4A49-BE0B-5EE56BF180DF"
          },
          {
            "criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:5.x-2.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E6A50E4-6B5C-4683-B3F9-7FDEFB9F0CCA"
          },
          {
            "criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:5.x-2.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2360CB4-D4F4-462D-B0BC-4E44C91D98E2"
          },
          {
            "criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F30F5EBC-0350-4D2B-9145-DB9AF13A90AB"
          },
          {
            "criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "942B1BC4-11AE-42F4-BD8D-83898432DC3C"
          },
          {
            "criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F7C7F90-9FEF-4D31-9643-5D92AF7F1D34"
          },
          {
            "criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD0A18F6-8EE6-41D8-AF69-FFAABEB47661"
          },
          {
            "criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66824B75-7E7E-45CA-9D9D-F916D4C8B9D6"
          },
          {
            "criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADA0F06E-3674-4816-9BBE-8B1668B71E7C"
          },
          {
            "criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E7AAAB4-D435-400E-8532-201A96EF93A2"
          },
          {
            "criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-2.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2102783C-0725-4BC0-B809-BFB32E8E1330"
          },
          {
            "criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-2.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08CD2483-246B-4987-B20B-383C0E1A989C"
          },
          {
            "criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-2.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00E69FB5-6D7E-4830-B371-C36D4F512030"
          },
          {
            "criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-2.0:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AEDC123-2E18-4181-A1D7-412641D2249A"
          },
          {
            "criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-2.0:beta5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5735D8E8-3B78-4ED4-80F5-5C5BC16658AF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References