CVE-2013-4445
Severity CVSS v4.0: Pending analysis
Type: CWE-264 Permissions, Privileges, and Access Control
Publication date: 07/12/2013
Last modified: 11/04/2025
Description
The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a block to which the user has access.
Impact
Base Score 2.0: 4.90
Severity 2.0: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:steven_jones:context:6.x-2.0:alpha1:*:*:*:*:*:* | ||
| cpe:2.3:a:steven_jones:context:6.x-2.0:alpha2:*:*:*:*:*:* | ||
| cpe:2.3:a:steven_jones:context:6.x-2.0:beta1:*:*:*:*:*:* | ||
| cpe:2.3:a:steven_jones:context:6.x-2.0:beta2:*:*:*:*:*:* | ||
| cpe:2.3:a:steven_jones:context:6.x-2.0:beta3:*:*:*:*:*:* | ||
| cpe:2.3:a:steven_jones:context:6.x-2.0:beta4:*:*:*:*:*:* | ||
| cpe:2.3:a:steven_jones:context:6.x-2.0:beta5:*:*:*:*:*:* | ||
| cpe:2.3:a:steven_jones:context:6.x-2.0:beta6:*:*:*:*:*:* | ||
| cpe:2.3:a:steven_jones:context:6.x-2.0:beta7:*:*:*:*:*:* | ||
| cpe:2.3:a:steven_jones:context:6.x-2.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:steven_jones:context:6.x-2.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:steven_jones:context:6.x-2.0:rc3:*:*:*:*:*:* | ||
| cpe:2.3:a:steven_jones:context:6.x-3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:steven_jones:context:6.x-3.0:alpha1:*:*:*:*:*:* | ||
| cpe:2.3:a:steven_jones:context:6.x-3.0:alpha2:*:*:*:*:*:* | ||
References to Advisories, Solutions, and Tools
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121433.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122298.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122308.html
- https://drupal.org/node/2112785
- https://drupal.org/node/2112791
- https://drupal.org/node/2113317



