CVE-2013-4661
First published: Wed Jan 29 2014(Updated: )
CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly enforce role-based access control (RBAC) restrictions for default custom searches, which allows remote authenticated users with the "access CiviCRM" permission to bypass intended access restrictions, as demonstrated by accessing custom contribution data without having the "access CiviContribute" permission.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Civicrm Civicrm | =2.0.0 | |
| Civicrm Civicrm | =2.0.1 | |
| Civicrm Civicrm | =2.0.2 | |
| Civicrm Civicrm | =2.0.3 | |
| Civicrm Civicrm | =2.0.4 | |
| Civicrm Civicrm | =2.0.5 | |
| Civicrm Civicrm | =2.0.6 | |
| Civicrm Civicrm | =2.0.7 | |
| Civicrm Civicrm | =2.1.0 | |
| Civicrm Civicrm | =2.1.1 | |
| Civicrm Civicrm | =2.1.2 | |
| Civicrm Civicrm | =2.1.4 | |
| Civicrm Civicrm | =2.1.6 | |
| Civicrm Civicrm | =2.2.0 | |
| Civicrm Civicrm | =2.2.1 | |
| Civicrm Civicrm | =2.2.2 | |
| Civicrm Civicrm | =2.2.3 | |
| Civicrm Civicrm | =2.2.5 | |
| Civicrm Civicrm | =2.2.6 | |
| Civicrm Civicrm | =2.2.7 | |
| Civicrm Civicrm | =2.2.8 | |
| Civicrm Civicrm | =2.2.9 | |
| Civicrm Civicrm | =3.0.0 | |
| Civicrm Civicrm | =3.0.1 | |
| Civicrm Civicrm | =3.0.2 | |
| Civicrm Civicrm | =3.0.3 | |
| Civicrm Civicrm | =3.0.4 | |
| Civicrm Civicrm | =3.1.1 | |
| Civicrm Civicrm | =3.1.2 | |
| Civicrm Civicrm | =3.1.3 | |
| Civicrm Civicrm | =3.1.4 | |
| Civicrm Civicrm | =3.1.5 | |
| Civicrm Civicrm | =3.1.6 | |
| Civicrm Civicrm | =3.2.0 | |
| Civicrm Civicrm | =3.2.1 | |
| Civicrm Civicrm | =3.2.2 | |
| Civicrm Civicrm | =3.2.3 | |
| Civicrm Civicrm | =3.2.4 | |
| Civicrm Civicrm | =3.2.5 | |
| Civicrm Civicrm | =3.3.0 | |
| Civicrm Civicrm | =3.3.1 | |
| Civicrm Civicrm | =3.3.2 | |
| Civicrm Civicrm | =3.3.3 | |
| Civicrm Civicrm | =3.3.5 | |
| Civicrm Civicrm | =3.3.6 | |
| Civicrm Civicrm | =3.4.0 | |
| Civicrm Civicrm | =4.0.5 | |
| Civicrm Civicrm | =4.1.0 | |
| Civicrm Civicrm | =4.1.1 | |
| Civicrm Civicrm | =4.1.2 | |
| Civicrm Civicrm | =4.1.3 | |
| Civicrm Civicrm | =4.1.4 | |
| Civicrm Civicrm | =4.1.5 | |
| Civicrm Civicrm | =4.1.6 | |
| Civicrm Civicrm | =4.2.0 | |
| Civicrm Civicrm | =4.2.1 | |
| Civicrm Civicrm | =4.2.2 | |
| Civicrm Civicrm | =4.2.4 | |
| Civicrm Civicrm | =4.2.5 | |
| Civicrm Civicrm | =4.2.6 | |
| Civicrm Civicrm | =4.2.7 | |
| Civicrm Civicrm | =4.2.8 | |
| Civicrm Civicrm | =4.2.9 | |
| Civicrm Civicrm | =4.3.0 | |
| Civicrm Civicrm | =4.3.1 | |
| Civicrm Civicrm | =4.3.2 | |
| Civicrm Civicrm | =4.3.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/type
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/civicrm
- canonical/civicrm civicrm
- version/civicrm civicrm/2.0.0
- version/civicrm civicrm/2.0.1
- version/civicrm civicrm/2.0.2
- version/civicrm civicrm/2.0.3
- version/civicrm civicrm/2.0.4
- version/civicrm civicrm/2.0.5
- version/civicrm civicrm/2.0.6
- version/civicrm civicrm/2.0.7
- version/civicrm civicrm/2.1.0
- version/civicrm civicrm/2.1.1
- version/civicrm civicrm/2.1.2
- version/civicrm civicrm/2.1.4
- version/civicrm civicrm/2.1.6
- version/civicrm civicrm/2.2.0
- version/civicrm civicrm/2.2.1
- version/civicrm civicrm/2.2.2
- version/civicrm civicrm/2.2.3
- version/civicrm civicrm/2.2.5
- version/civicrm civicrm/2.2.6
- version/civicrm civicrm/2.2.7
- version/civicrm civicrm/2.2.8
- version/civicrm civicrm/2.2.9
- version/civicrm civicrm/3.0.0
- version/civicrm civicrm/3.0.1
- version/civicrm civicrm/3.0.2
- version/civicrm civicrm/3.0.3
- version/civicrm civicrm/3.0.4
- version/civicrm civicrm/3.1.1
- version/civicrm civicrm/3.1.2
- version/civicrm civicrm/3.1.3
- version/civicrm civicrm/3.1.4
- version/civicrm civicrm/3.1.5
- version/civicrm civicrm/3.1.6
- version/civicrm civicrm/3.2.0
- version/civicrm civicrm/3.2.1
- version/civicrm civicrm/3.2.2
- version/civicrm civicrm/3.2.3
- version/civicrm civicrm/3.2.4
- version/civicrm civicrm/3.2.5
- version/civicrm civicrm/3.3.0
- version/civicrm civicrm/3.3.1
- version/civicrm civicrm/3.3.2
- version/civicrm civicrm/3.3.3
- version/civicrm civicrm/3.3.5
- version/civicrm civicrm/3.3.6
- version/civicrm civicrm/3.4.0
- version/civicrm civicrm/4.0.5
- version/civicrm civicrm/4.1.0
- version/civicrm civicrm/4.1.1
- version/civicrm civicrm/4.1.2
- version/civicrm civicrm/4.1.3
- version/civicrm civicrm/4.1.4
- version/civicrm civicrm/4.1.5
- version/civicrm civicrm/4.1.6
- version/civicrm civicrm/4.2.0
- version/civicrm civicrm/4.2.1
- version/civicrm civicrm/4.2.2
- version/civicrm civicrm/4.2.4
- version/civicrm civicrm/4.2.5
- version/civicrm civicrm/4.2.6
- version/civicrm civicrm/4.2.7
- version/civicrm civicrm/4.2.8
- version/civicrm civicrm/4.2.9
- version/civicrm civicrm/4.3.0
- version/civicrm civicrm/4.3.1
- version/civicrm civicrm/4.3.2
- version/civicrm civicrm/4.3.3