| Vulnerability Name: | CVE-2008-3000 (CCN-43017) | ||||||||
| Assigned: | 2008-06-11 | ||||||||
| Published: | 2008-06-11 | ||||||||
| Updated: | 2017-08-08 | ||||||||
| Summary: | The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions. Per Hyperlink Record 1026625, Drupal core is not affected. If you do not use the contributed Aggregation module, there is nothing you need to do. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-3000 Source: CCN Type: DRUPAL-SA-2008-035 Aggregation - Multiple vulnerabilities Source: CONFIRM Type: Patch http://drupal.org/node/269479 Source: CCN Type: SA30618 Drupal Aggregation Module Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 30618 Source: CCN Type: OSVDB ID: 46284 Aggregation Module for Drupal Unspecified Access Restriction Bypass Source: BID Type: UNKNOWN 29677 Source: CCN Type: BID-29677 Drupal Aggregation Module Multiple Vulnerabilities Source: XF Type: UNKNOWN aggregation-access-security-bypass(43017) Source: XF Type: UNKNOWN aggregation-access-security-bypass(43017) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||