Vulnerability Details : CVE-2013-2122
The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2013-2122
Probability of exploitation activity in the next 30 days: 0.82%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 80 %
CVSS scores for CVE-2013-2122
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST |
CWE ids for CVE-2013-2122
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-2122
- http://www.securityfocus.com/bid/60209
  Drupal Edit Limit Module Access Bypass Vulnerability
- https://drupal.org/node/2007048
  SA-CONTRIB-2013-048 - Edit Limit - Access Bypass | Drupal.org (Vendor Advisory)
- http://seclists.org/fulldisclosure/2013/May/208
  Full Disclosure: [Security-news] SA-CONTRIB-2013-048 - Edit Limit - Access Bypass
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84630
  Edit Limit module for Drupal comments security bypass CVE-2013-2122 Vulnerability Report
- http://www.openwall.com/lists/oss-security/2013/05/29/9
  oss-security - Re: CVE request for Drupal contributed modules
- https://drupal.org/node/2006188
  edit_limit 7.x-1.3 | Drupal.org (Vendor Advisory)
Products affected by CVE-2013-2122
- cpe:2.3:a:quade:edit_limit:7.x-1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:quade:edit_limit:7.x-1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:quade:edit_limit:7.x-1.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:quade:edit_limit:7.x-1.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:quade:edit_limit:7.x-1.x:dev:*:*:*:*:*:*
- cpe:2.3:a:quade:edit_limit:7.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:quade:edit_limit:7.x-1.2:*:*:*:*:*:*:*
- cpe:2.3:a:quade:edit_limit:7.x-1.1:*:*:*:*:*:*:*