CVE-2016-9449

Loading...

General

Score:4.0/10.0
Severity:Low
Category:Information Leak / Disclosure

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:Single

Relative vulnerabilities

CVE-2016-9450, CVE-2016-9451, CVE-2016-9452

Published on 25/11/16 - Updated on 07/01/17

Description

The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.

Category: Information Leak / Disclosure

CWE-200 (Information Exposure)
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

Security Notices

US National Vulnerability DatabaseCVE-2016-9449
Arch Linux ASA-201611-20
Debian DSA-3718-1
Debian LTSDLA-715-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
drupaldrupal

Share this vulnerability with:

Twitter Facebook LinkedIn Mail