CVE-2013-7391
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher organizations.
El módulo Entity API 7.x-1.x anterior a 7.x-1.2 para Drupal, cuando utilice (a) el campo Views o (b) los plugins de área, permite a atacantes remotos leer entidades restringidos a través de (1) el campo, (2) la cabecera o (3) el pie de un View. NOTA: este identificador fue dividido (SPLIT) del CVE-2013-4273 por ADT5 debido a organizaciones diferentes de investigadores.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-07-19 CVE Reserved
- 2014-07-19 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2013/08/22/2 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://drupal.org/node/2065197 | 2015-02-27 | |
| https://drupal.org/node/2065207 | 2015-02-27 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Entity Api Project Search vendor "Entity Api Project" | Entity Api Search vendor "Entity Api Project" for product "Entity Api" | <= 7.x-1.1 Search vendor "Entity Api Project" for product "Entity Api" and version " <= 7.x-1.1" | drupal |
Affected
| ||||||
| Entity Api Project Search vendor "Entity Api Project" | Entity Api Search vendor "Entity Api Project" for product "Entity Api" | 7.x-1.0 Search vendor "Entity Api Project" for product "Entity Api" and version "7.x-1.0" | drupal |
Affected
| ||||||
| Entity Api Project Search vendor "Entity Api Project" | Entity Api Search vendor "Entity Api Project" for product "Entity Api" | 7.x-1.0 Search vendor "Entity Api Project" for product "Entity Api" and version "7.x-1.0" | beta1, drupal |
Affected
| ||||||
| Entity Api Project Search vendor "Entity Api Project" | Entity Api Search vendor "Entity Api Project" for product "Entity Api" | 7.x-1.0 Search vendor "Entity Api Project" for product "Entity Api" and version "7.x-1.0" | beta10, drupal |
Affected
| ||||||
| Entity Api Project Search vendor "Entity Api Project" | Entity Api Search vendor "Entity Api Project" for product "Entity Api" | 7.x-1.0 Search vendor "Entity Api Project" for product "Entity Api" and version "7.x-1.0" | beta11, drupal |
Affected
| ||||||
| Entity Api Project Search vendor "Entity Api Project" | Entity Api Search vendor "Entity Api Project" for product "Entity Api" | 7.x-1.0 Search vendor "Entity Api Project" for product "Entity Api" and version "7.x-1.0" | beta2, drupal |
Affected
| ||||||
| Entity Api Project Search vendor "Entity Api Project" | Entity Api Search vendor "Entity Api Project" for product "Entity Api" | 7.x-1.0 Search vendor "Entity Api Project" for product "Entity Api" and version "7.x-1.0" | beta3, drupal |
Affected
| ||||||
| Entity Api Project Search vendor "Entity Api Project" | Entity Api Search vendor "Entity Api Project" for product "Entity Api" | 7.x-1.0 Search vendor "Entity Api Project" for product "Entity Api" and version "7.x-1.0" | beta4, drupal |
Affected
| ||||||
| Entity Api Project Search vendor "Entity Api Project" | Entity Api Search vendor "Entity Api Project" for product "Entity Api" | 7.x-1.0 Search vendor "Entity Api Project" for product "Entity Api" and version "7.x-1.0" | beta5, drupal |
Affected
| ||||||
| Entity Api Project Search vendor "Entity Api Project" | Entity Api Search vendor "Entity Api Project" for product "Entity Api" | 7.x-1.0 Search vendor "Entity Api Project" for product "Entity Api" and version "7.x-1.0" | beta6, drupal |
Affected
| ||||||
| Entity Api Project Search vendor "Entity Api Project" | Entity Api Search vendor "Entity Api Project" for product "Entity Api" | 7.x-1.0 Search vendor "Entity Api Project" for product "Entity Api" and version "7.x-1.0" | beta7, drupal |
Affected
| ||||||
| Entity Api Project Search vendor "Entity Api Project" | Entity Api Search vendor "Entity Api Project" for product "Entity Api" | 7.x-1.0 Search vendor "Entity Api Project" for product "Entity Api" and version "7.x-1.0" | beta8, drupal |
Affected
| ||||||
| Entity Api Project Search vendor "Entity Api Project" | Entity Api Search vendor "Entity Api Project" for product "Entity Api" | 7.x-1.0 Search vendor "Entity Api Project" for product "Entity Api" and version "7.x-1.0" | beta9, drupal |
Affected
| ||||||
| Entity Api Project Search vendor "Entity Api Project" | Entity Api Search vendor "Entity Api Project" for product "Entity Api" | 7.x-1.0 Search vendor "Entity Api Project" for product "Entity Api" and version "7.x-1.0" | rc1, drupal |
Affected
| ||||||
| Entity Api Project Search vendor "Entity Api Project" | Entity Api Search vendor "Entity Api Project" for product "Entity Api" | 7.x-1.0 Search vendor "Entity Api Project" for product "Entity Api" and version "7.x-1.0" | rc2, drupal |
Affected
| ||||||
| Entity Api Project Search vendor "Entity Api Project" | Entity Api Search vendor "Entity Api Project" for product "Entity Api" | 7.x-1.0 Search vendor "Entity Api Project" for product "Entity Api" and version "7.x-1.0" | rc3, drupal |
Affected
| ||||||