What is the severity of CVE-2013-1925?

CVE-2013-1925 is classified as a moderate severity vulnerability that allows unauthorized access to node titles.

How do I fix CVE-2013-1925?

To fix CVE-2013-1925, upgrade the Chaos Tool Suite (Ctools) module to version 7.x-1.3 or later.

Who is affected by CVE-2013-1925?

CVE-2013-1925 affects remote authenticated users with the 'access content' permission in specific versions of the Ctools module.

What versions of Ctools are vulnerable to CVE-2013-1925?

Versions 7.x-1.0 to 7.x-1.2 of the Chaos Tool Suite (Ctools) module are vulnerable to CVE-2013-1925.

What type of attack does CVE-2013-1925 enable?

CVE-2013-1925 enables remote authenticated users to read restricted node titles through an autocomplete list.

Vulnerability/
CVE-2013-1925

low

3.5

CWE

264

16/7/2013

6/8/2024

CVE-2013-1925

First published: Tue Jul 16 2013(Updated: )

The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Chaos Tool Suite (Ctools) for Drupal	=7.x-1.0
Chaos Tool Suite (Ctools) for Drupal	=7.x-1.0-alpha1
Chaos Tool Suite (Ctools) for Drupal	=7.x-1.0-alpha2
Chaos Tool Suite (Ctools) for Drupal	=7.x-1.0-alpha3
Chaos Tool Suite (Ctools) for Drupal	=7.x-1.0-alpha4
Chaos Tool Suite (Ctools) for Drupal	=7.x-1.0-beta1
Chaos Tool Suite (Ctools) for Drupal	=7.x-1.0-rc1
Chaos Tool Suite (Ctools) for Drupal	=7.x-1.0-rc2
Chaos Tool Suite (Ctools) for Drupal	=7.x-1.1
Chaos Tool Suite (Ctools) for Drupal	=7.x-1.2
Chaos Tool Suite (Ctools) for Drupal	=7.x-1.x-dev

Remedy

https://drupal.org/node/1960406

Remedy

https://drupal.org/node/1960424

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-1925?
CVE-2013-1925 is classified as a moderate severity vulnerability that allows unauthorized access to node titles.
How do I fix CVE-2013-1925?
To fix CVE-2013-1925, upgrade the Chaos Tool Suite (Ctools) module to version 7.x-1.3 or later.
Who is affected by CVE-2013-1925?
CVE-2013-1925 affects remote authenticated users with the 'access content' permission in specific versions of the Ctools module.
What versions of Ctools are vulnerable to CVE-2013-1925?
Versions 7.x-1.0 to 7.x-1.2 of the Chaos Tool Suite (Ctools) module are vulnerable to CVE-2013-1925.
What type of attack does CVE-2013-1925 enable?
CVE-2013-1925 enables remote authenticated users to read restricted node titles through an autocomplete list.

agent/references
agent/type
agent/remedy
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/author
agent/weakness
agent/first-publish-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/chaos tool suite project
canonical/chaos tool suite (ctools) for drupal
version/chaos tool suite (ctools) for drupal/7.x-1.0
version/chaos tool suite (ctools) for drupal/7.x-1.0-alpha1
version/chaos tool suite (ctools) for drupal/7.x-1.0-alpha2
version/chaos tool suite (ctools) for drupal/7.x-1.0-alpha3
version/chaos tool suite (ctools) for drupal/7.x-1.0-alpha4
version/chaos tool suite (ctools) for drupal/7.x-1.0-beta1
version/chaos tool suite (ctools) for drupal/7.x-1.0-rc1
version/chaos tool suite (ctools) for drupal/7.x-1.0-rc2
version/chaos tool suite (ctools) for drupal/7.x-1.1
version/chaos tool suite (ctools) for drupal/7.x-1.2
version/chaos tool suite (ctools) for drupal/7.x-1.x-dev

CVE-2013-1925

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-1925?

How do I fix CVE-2013-1925?

Who is affected by CVE-2013-1925?

What versions of Ctools are vulnerable to CVE-2013-1925?

What type of attack does CVE-2013-1925 enable?

Company

Resources

Contact