CVE-2016-9449
MEDIUM 4.3 | EPSS 0.21% | drupal7 - security update
Published: 2022/5/17 | Modified: 2026/3/9
Description
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.
Affected packages (4)
- Debian/drupal7: from 0, < 7.14-2+deb7u15
- Debian/drupal7: from 0, < 7.32-1+deb8u8
- Packagist/drupal/core: >= 7.0, < 7.52
- Packagist/drupal/drupal: >= 8.0, < 8.2.3
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
References (7)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2016-9449
- PATCH: https://github.com/drupal/core
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9449.yaml
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9449.yaml
- WEB: https://www.drupal.org/SA-CORE-2016-005
- WEB: http://www.debian.org/security/2016/dsa-3718
- WEB: http://www.securityfocus.com/bid/94367