CVSS: 4.0EPSS: 0%CPEs: 16EXPL: 0CVE-2013-4273
https://notcve.org/view.php?id=CVE-2013-4273
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. CVE-2013-7391 was assigned for the View vector. El módulo Entity API 7.x-1.x anterior a 7.x-1.2 para Drupal no restringe debidamente el acceso a comentarios de nodos, lo que permite a usuarios remotos autenticados leer los comentarios a través de vectores no especificados. NOTA: este identificador fue dividido (SPLIT) por ADT5 debido a organizaciones diferentes de investigadores. • http://www.openwall.com/lists/oss-security/2013/08/22/2 https://drupal.org/node/2065197 https://drupal.org/node/2065207 • CWE-264: Permissions, Privileges, and Access Controls •