CVE-2016-6212
MEDIUM5.3EPSS 0.54%Drupal Views can allow unauthorized users to see Statistics information
Published: 5/17/2022Modified: 4/23/2024
Description
The Views module 7.x-3.x before 7.x-3.14 in Drupal 7.x and the Views module in Drupal 8.x before 8.1.3 might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors.
Affected packages (2)
- Packagist/drupal/core>= 8.0, < 8.1.3
- Packagist/drupal/drupal>= 8.0, < 8.1.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
References (9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-6212
- PATCHhttps://github.com/drupal/core
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-6212.yaml
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-6212.yaml
- WEBhttps://www.drupal.org/node/2749333
- WEBhttps://www.drupal.org/SA-CORE-2016-002
- WEBhttp://www.openwall.com/lists/oss-security/2016/07/13/4
- WEBhttp://www.openwall.com/lists/oss-security/2016/07/13/7
- WEBhttp://www.securityfocus.com/bid/91230