- Description
- The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-264
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freelinking_for_case_tracker_project:freelinking_for_case_tracker:-:*:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "FCFD8DE1-DEC4-46E8-A871-012C671F1437"
},
{
"criteria": "cpe:2.3:a:freelinking_project:freelinking:-:*:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "D9ED63C1-EB8D-4F6C-855F-05B8D2ADC3BF"
}
],
"operator": "OR"
}
]
}
]