← back
CVE-2013-4445

CVE-2013-4445

EPSS 1.6%
The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a block to which the user has access.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121433.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-November/122298.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-November/122308.htmlhttps://drupal.org/node/2112785https://drupal.org/node/2112791https://drupal.org/node/2113317