CVE-2010-2352

EPSS 0.75%
Published 21.06.2010 19:30:02
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes.

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Karen Stevenson ≫ Cck Version5.x-1.0 Updatebeta

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version5.x-1.1

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version5.x-1.2

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version5.x-1.3

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version5.x-1.7

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version5.x-1.x Updatedev

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version6.x-2.0

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version6.x-2.0 Updatebeta

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version6.x-2.0 Updaterc10

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version6.x-2.0 Updaterc2

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version6.x-2.0 Updaterc3

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version6.x-2.0 Updaterc4

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version6.x-2.0 Updaterc5

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version6.x-2.0 Updaterc6

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version6.x-2.0 Updaterc7

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version6.x-2.0 Updaterc8

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version6.x-2.0 Updaterc9

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version6.x-2.1

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version6.x-2.2

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version6.x-2.3

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version6.x-2.4

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version6.x-2.5

Drupal ≫ Drupal

Karen Stevenson ≫ Cck Version6.x-2.6

Drupal ≫ Drupal

Yves Chedemois ≫ Cck Version5.x-1.4

Drupal ≫ Drupal

Yves Chedemois ≫ Cck Version5.x-1.5

Drupal ≫ Drupal

Yves Chedemois ≫ Cck Version5.x-1.6

Drupal ≫ Drupal

Yves Chedemois ≫ Cck Version5.x-1.6-1

Drupal ≫ Drupal

Yves Chedemois ≫ Cck Version5.x-1.8

Drupal ≫ Drupal

Yves Chedemois ≫ Cck Version5.x-1.9

Drupal ≫ Drupal

Yves Chedemois ≫ Cck Version5.x-1.10

Drupal ≫ Drupal

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.75%	0.723

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://drupal.org/node/829566

Patch

Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043100.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043172.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043191.html

http://osvdb.org/65615

http://secunia.com/advisories/40243

Vendor Advisory

http://secunia.com/advisories/40318

http://www.vupen.com/english/advisories/2010/1546

https://exchange.xforce.ibmcloud.com/vulnerabilities/59515

https://nvd.nist.gov/vuln/detail/CVE-2010-2352

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2352

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2352

EUVD