GHSA-rfxx-gxwc-923c

Source

https://github.com/advisories/GHSA-rfxx-gxwc-923c

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rfxx-gxwc-923c/GHSA-rfxx-gxwc-923c.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-rfxx-gxwc-923c

Aliases

CVE-2016-6212

Published

2022-05-17T03:39:45Z

Modified

2024-04-23T17:43:52.656894Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Drupal Views can allow unauthorized users to see Statistics information

Details

The Views module 7.x-3.x before 7.x-3.14 in Drupal 7.x and the Views module in Drupal 8.x before 8.1.3 might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors.

Database specific

{
    "nvd_published_at": "2016-09-09T14:05:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-23T17:18:11Z"
}

References

Affected packages

Packagist / drupal/core

Package

Name: drupal/core
Purl: pkg:composer/drupal/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0

Fixed

8.1.3

Affected versions

8.*

8.0.0-beta6

8.0.0-beta7

8.0.0-beta8

8.0.0-beta9

8.0.0-beta10

8.0.0-beta11

8.0.0-beta12

8.0.0-beta13

8.0.0-beta14

8.0.0-beta15

8.0.0-beta16

8.0.0-rc1

8.0.0-rc2

8.0.0-rc3

8.0.0-rc4

8.0.0

8.0.1

8.0.2

8.0.3

8.0.4

8.0.5

8.0.6

8.1.0-beta1

8.1.0-beta2

8.1.0-rc1

8.1.0

8.1.1

8.1.2

Packagist / drupal/drupal