Vulnerabilities > CVE-2013-4226 - Missing Authorization vulnerability in Drupal Authenticated User Page Caching

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

drupal

CWE-862

NVD

Published: 2020-02-18

Updated: 2020-02-26

Summary

The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser.

Vulnerable Configurations

Part	Description	Count
Application	Drupal Drupal Authenticated User Page Caching 7.X-1.1 Drupal Authenticated User Page Caching 7.X-1.2 Drupal Authenticated User Page Caching 7.X-1.3 Drupal Authenticated User Page Caching 7.X-1.4 Drupal Authenticated User Page Caching 7.X-1.5 Drupal Authenticated User Page Caching 7.X-1.0	6

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References