Vulnerability Details CVE-2014-1400
The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html
- http://www.openwall.com/lists/oss-security/2014/01/09/3
- http://www.securityfocus.com/bid/64729
- https://bugzilla.redhat.com/show_bug.cgi?id=1050802
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90396
- https://www.drupal.org/node/2169595
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html
- http://www.openwall.com/lists/oss-security/2014/01/09/3
- http://www.securityfocus.com/bid/64729
- https://bugzilla.redhat.com/show_bug.cgi?id=1050802
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90396
- https://www.drupal.org/node/2169595
Products affected by CVE-2014-1400
-
cpe:2.3:a:entity_api_project:entity_api:7.x-1.0
-
cpe:2.3:a:entity_api_project:entity_api:7.x-1.1
-
cpe:2.3:a:entity_api_project:entity_api:7.x-1.2
-
cpe:2.3:o:fedoraproject:fedora:19
-
cpe:2.3:o:fedoraproject:fedora:20