Vulnerability Details CVE-2014-1476
The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.5%
CVSS Severity
CVSS v2 Score 4.0
References
- http://secunia.com/advisories/56260
- http://www.debian.org/security/2014/dsa-2847
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:031
- http://www.securityfocus.com/bid/64973
- https://drupal.org/SA-CORE-2014-001
- http://secunia.com/advisories/56260
- http://www.debian.org/security/2014/dsa-2847
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:031
- http://www.securityfocus.com/bid/64973
- https://drupal.org/SA-CORE-2014-001
Products affected by CVE-2014-1476
-
cpe:2.3:a:drupal:drupal:7.0
-
cpe:2.3:a:drupal:drupal:7.1
-
cpe:2.3:a:drupal:drupal:7.10
-
cpe:2.3:a:drupal:drupal:7.11
-
cpe:2.3:a:drupal:drupal:7.12
-
cpe:2.3:a:drupal:drupal:7.13
-
cpe:2.3:a:drupal:drupal:7.14
-
cpe:2.3:a:drupal:drupal:7.15
-
cpe:2.3:a:drupal:drupal:7.16
-
cpe:2.3:a:drupal:drupal:7.17
-
cpe:2.3:a:drupal:drupal:7.18
-
cpe:2.3:a:drupal:drupal:7.19
-
cpe:2.3:a:drupal:drupal:7.2
-
cpe:2.3:a:drupal:drupal:7.20
-
cpe:2.3:a:drupal:drupal:7.21
-
cpe:2.3:a:drupal:drupal:7.22
-
cpe:2.3:a:drupal:drupal:7.23
-
cpe:2.3:a:drupal:drupal:7.24