What is the severity of CVE-2010-2353?

The severity of CVE-2010-2353 is considered moderate, as it allows unauthorized access to node titles and IDs.

How do I fix CVE-2010-2353?

To fix CVE-2010-2353, upgrade to the CCK module version 6.x-2.7 or later for Drupal.

What is the impact of CVE-2010-2353 on my Drupal site?

The impact of CVE-2010-2353 on your Drupal site includes the potential exposure of sensitive information related to controlled nodes.

Which versions of CCK are affected by CVE-2010-2353?

CCK versions prior to 6.x-2.7, including various alpha and release candidate versions, are affected by CVE-2010-2353.

Is CVE-2010-2353 a client-side or server-side vulnerability?

CVE-2010-2353 is a server-side vulnerability affecting the backend URL of the autocomplete widget.

Vulnerability/
CVE-2010-2353

medium

CWE

264

21/6/2010

7/8/2024

CVE-2010-2353

First published: Mon Jun 21 2010(Updated: )

The Node Reference module in Content Construction Kit (CCK) module 6.x before 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote attackers to discover titles and IDs of controlled nodes.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Drupal Drupal
Yves Chedemois Cck	=6.x-1.0-alpha
Yves Chedemois Cck	=6.x-1.x-dev
Yves Chedemois Cck	=6.x-2.0
Yves Chedemois Cck	=6.x-2.0-beta
Yves Chedemois Cck	=6.x-2.0-rc1
Yves Chedemois Cck	=6.x-2.0-rc10
Yves Chedemois Cck	=6.x-2.0-rc2
Yves Chedemois Cck	=6.x-2.0-rc3
Yves Chedemois Cck	=6.x-2.0-rc4
Yves Chedemois Cck	=6.x-2.0-rc5
Yves Chedemois Cck	=6.x-2.0-rc6
Yves Chedemois Cck	=6.x-2.0-rc7
Yves Chedemois Cck	=6.x-2.0-rc8
Yves Chedemois Cck	=6.x-2.0-rc9
Yves Chedemois Cck	=6.x-2.1
Yves Chedemois Cck	=6.x-2.2
Yves Chedemois Cck	=6.x-2.3
Yves Chedemois Cck	=6.x-2.4
Yves Chedemois Cck	=6.x-2.5
Yves Chedemois Cck	=6.x-2.6
Yves Chedemois Cck	=6.x-2.x-dev
Yves Chedemois Cck	=6.x-3.x-dev

Remedy

http://drupal.org/node/829566

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-2353?
The severity of CVE-2010-2353 is considered moderate, as it allows unauthorized access to node titles and IDs.
How do I fix CVE-2010-2353?
To fix CVE-2010-2353, upgrade to the CCK module version 6.x-2.7 or later for Drupal.
What is the impact of CVE-2010-2353 on my Drupal site?
The impact of CVE-2010-2353 on your Drupal site includes the potential exposure of sensitive information related to controlled nodes.
Which versions of CCK are affected by CVE-2010-2353?
CCK versions prior to 6.x-2.7, including various alpha and release candidate versions, are affected by CVE-2010-2353.
Is CVE-2010-2353 a client-side or server-side vulnerability?
CVE-2010-2353 is a server-side vulnerability affecting the backend URL of the autocomplete widget.

collector/nvd-historical
collector/nvd-index
agent/softwarecombine
agent/type
collector/mitre-cve
source/MITRE
agent/remedy
agent/author
agent/references
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/severity
agent/weakness
agent/trending
agent/tags
agent/source
vendor/drupal
canonical/drupal drupal
vendor/yves chedemois
canonical/yves chedemois cck
version/yves chedemois cck/6.x-1.0-alpha
version/yves chedemois cck/6.x-1.x-dev
version/yves chedemois cck/6.x-2.0
version/yves chedemois cck/6.x-2.0-beta
version/yves chedemois cck/6.x-2.0-rc1
version/yves chedemois cck/6.x-2.0-rc10
version/yves chedemois cck/6.x-2.0-rc2
version/yves chedemois cck/6.x-2.0-rc3
version/yves chedemois cck/6.x-2.0-rc4
version/yves chedemois cck/6.x-2.0-rc5
version/yves chedemois cck/6.x-2.0-rc6
version/yves chedemois cck/6.x-2.0-rc7
version/yves chedemois cck/6.x-2.0-rc8
version/yves chedemois cck/6.x-2.0-rc9
version/yves chedemois cck/6.x-2.1
version/yves chedemois cck/6.x-2.2
version/yves chedemois cck/6.x-2.3
version/yves chedemois cck/6.x-2.4
version/yves chedemois cck/6.x-2.5
version/yves chedemois cck/6.x-2.6
version/yves chedemois cck/6.x-2.x-dev
version/yves chedemois cck/6.x-3.x-dev

Frequently Asked Questions

What is the severity of CVE-2010-2353?
The severity of CVE-2010-2353 is considered moderate, as it allows unauthorized access to node titles and IDs.
How do I fix CVE-2010-2353?
To fix CVE-2010-2353, upgrade to the CCK module version 6.x-2.7 or later for Drupal.
What is the impact of CVE-2010-2353 on my Drupal site?
The impact of CVE-2010-2353 on your Drupal site includes the potential exposure of sensitive information related to controlled nodes.
Which versions of CCK are affected by CVE-2010-2353?
CCK versions prior to 6.x-2.7, including various alpha and release candidate versions, are affected by CVE-2010-2353.
Is CVE-2010-2353 a client-side or server-side vulnerability?
CVE-2010-2353 is a server-side vulnerability affecting the backend URL of the autocomplete widget.

CVE-2010-2353

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-2353?

How do I fix CVE-2010-2353?

What is the impact of CVE-2010-2353 on my Drupal site?

Which versions of CCK are affected by CVE-2010-2353?

Is CVE-2010-2353 a client-side or server-side vulnerability?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2010-2353?

How do I fix CVE-2010-2353?

What is the impact of CVE-2010-2353 on my Drupal site?

Which versions of CCK are affected by CVE-2010-2353?

Is CVE-2010-2353 a client-side or server-side vulnerability?