Vulnerability Details : CVE-2014-5179
The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link.
Exploit prediction scoring system (EPSS) score for CVE-2014-5179
Probability of exploitation activity in the next 30 days: 0.26%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 63 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-5179
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2014-5179
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-5179
-
http://www.securityfocus.com/bid/68861
Drupal Freelinking And Freelinking Case Tracker Modules Security Bypass Vulnerability
-
https://www.drupal.org/node/2308503
SA-CONTRIB-2014-072 - Freelinking, Freelinking Case Tracker - Access bypass | Drupal.orgVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/94870
Freelinking module for Drupal Case Tracker security bypass CVE-2014-5179 Vulnerability Report
Products affected by CVE-2014-5179
- cpe:2.3:a:freelinking_project:freelinking:-:*:*:*:*:drupal:*:*
- cpe:2.3:a:freelinking_for_case_tracker_project:freelinking_for_case_tracker:-:*:*:*:*:drupal:*:*