← back
CVE-2013-2123

CVE-2013-2123

EPSS 1.3%
The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attackers to modify the content via unspecified vectors.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://drupal.org/node/2007072https://drupal.org/node/2007078https://drupal.org/node/2007122http://www.openwall.com/lists/oss-security/2013/05/29/9