CVE-2014-5179
First published: Wed Aug 06 2014(Updated: )
The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Freelinking For Case Tracker Project Freelinking For Case Tracker | ||
| Drupal Freelinking |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-5179?
CVE-2014-5179 has a medium severity, allowing unauthorized access to sensitive information.
How do I fix CVE-2014-5179?
To fix CVE-2014-5179, update the Freelinking module to the latest version that includes access permission checks.
What applications are affected by CVE-2014-5179?
CVE-2014-5179 affects the Freelinking module used in both the Freelinking for Case Tracker module and the standalone Drupal Freelinking.
What type of vulnerabilities does CVE-2014-5179 represent?
CVE-2014-5179 represents an access control vulnerability that can lead to information disclosure.
Can CVE-2014-5179 be exploited remotely?
Yes, CVE-2014-5179 can be exploited remotely by attackers crafting specific links to gain sensitive information.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/freelinking for case tracker project
- canonical/freelinking for case tracker project freelinking for case tracker
- vendor/freelinking project
- canonical/drupal freelinking