MidnightBSD

Advisories for node_access_user_reference_project

CVE-2013-2123 MEDIUM

The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attackers to modify the content via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
node_access_user_reference_project nodeaccess_userreference_module 6.x-3.x
node_access_user_reference_project nodeaccess_userreference_module 7.x-3.1
node_access_user_reference_project nodeaccess_userreference_module 6.x-3.2
node_access_user_reference_project nodeaccess_userreference_module 7.x-3.2
node_access_user_reference_project nodeaccess_userreference_module 7.x-3.3
node_access_user_reference_project nodeaccess_userreference_module 7.x-3.6
node_access_user_reference_project nodeaccess_userreference_module 6.x-3.1
node_access_user_reference_project nodeaccess_userreference_module 7.x-3.8
node_access_user_reference_project nodeaccess_userreference_module 6.x-3.3
node_access_user_reference_project nodeaccess_userreference_module 6.x-3.4
node_access_user_reference_project nodeaccess_userreference_module 7.x-3.9
node_access_user_reference_project nodeaccess_userreference_module 7.x-3.0
node_access_user_reference_project nodeaccess_userreference_module 7.x-3.5
node_access_user_reference_project nodeaccess_userreference_module 6.x-3.0
node_access_user_reference_project nodeaccess_userreference_module 7.x-3.x
node_access_user_reference_project nodeaccess_userreference_module 7.x-3.4
node_access_user_reference_project nodeaccess_userreference_module 7.x-3.7