Vigil@nce - Drupal Nodeaccess: privilege escalation
October 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can use Drupal Nodeaccess, in order to
edit nodes.
Impacted products: Drupal Modules
Severity: 2/4
Creation date: 09/10/2014
DESCRIPTION OF THE VULNERABILITY
The Nodeaccess module can be installed on Drupal.
However, this module grants read, write and delete access to node
authors.
An authenticated attacker can therefore use Drupal Nodeaccess, in
order to edit nodes.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Drupal-Nodeaccess-privilege-escalation-15453