CVE-2013-4501

The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote attackers to obtain sensitive quiz results via unspecified vectors.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://seclists.org/oss-sec/2013/q4/210
https://drupal.org/node/2123727	Patch
https://drupal.org/node/2123995	Patch Vendor Advisory
http://seclists.org/oss-sec/2013/q4/210
https://drupal.org/node/2123727	Patch
https://drupal.org/node/2123995	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:-::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:alpha1::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:alpha2::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:alpha3::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:alpha4::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:alpha5::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:beta1::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:beta2::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:beta3::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:beta4::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:beta5::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:beta6::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:beta7::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:beta8::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:dev::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:rc1::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:rc10::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:rc2::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:rc3::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:rc4::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:rc5::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:rc6::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:rc7::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:rc8::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:rc9::::drupal::*
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.1:::::drupal::
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.2:::::drupal::
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.3:::::drupal::
	cpe:2.3:a:quiz_module_project:quiz:6.x-4.4:::::drupal::

History

21 Nov 2024, 01:55

Type	Values Removed	Values Added
References	~~() http://seclists.org/oss-sec/2013/q4/210 -~~	() http://seclists.org/oss-sec/2013/q4/210 -
References	~~() https://drupal.org/node/2123727 - Patch~~	() https://drupal.org/node/2123727 - Patch
References	~~() https://drupal.org/node/2123995 - Patch, Vendor Advisory~~	() https://drupal.org/node/2123995 - Patch, Vendor Advisory

Information

Published : 2014-05-13 15:55

Updated : 2025-04-12 10:46

NVD link : CVE-2013-4501

Mitre link : CVE-2013-4501

CVE.ORG link : CVE-2013-4501

JSON object : View

Products Affected

quiz_module_project

quiz

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-4501", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-05-13T15:55:04.077", "references": [{"url": "http://seclists.org/oss-sec/2013/q4/210", "source": "secalert@redhat.com"}, {"url": "https://drupal.org/node/2123727", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://drupal.org/node/2123995", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://seclists.org/oss-sec/2013/q4/210", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://drupal.org/node/2123727", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://drupal.org/node/2123995", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote attackers to obtain sensitive quiz results via unspecified vectors."}, {"lang": "es", "value": "Las visualizaciones por defecto en el m\u00f3dulo Quiz 6.x-4.x anterior a 6.x-4.5 para Drupal permite a atacantes remotos obtener resultados de cuestionario sensibles a trav\u00e9s de vectores no especificados."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:-:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "BF32FC79-98CC-4E86-AEA8-ECB9811F7BD1"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:alpha1:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "1C474086-A91E-4ECC-9B5F-A35484F811AC"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:alpha2:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "3D10947D-72CC-4333-A227-1B780D951484"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:alpha3:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "C8FA9D63-C1AC-411D-988D-1C01C854F33F"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:alpha4:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "1C581A55-AA16-46A9-9068-C93F282B7C23"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:alpha5:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "CD44FD59-8E5A-4A0F-8268-D02EE3437458"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:beta1:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "C7BC2762-D151-4E22-A171-49AD547085AE"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:beta2:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "44A36E94-B1B5-48F8-B0BA-27AE145DA93D"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:beta3:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "56F29CF9-1F9A-440F-81A6-B3C369F30CC6"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:beta4:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "E5F66954-E19C-410A-8672-3EC4421AB4DC"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:beta5:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "2977B97B-9628-46C6-90B7-CD7406D775D2"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:beta6:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "EBF82F0B-3E59-478B-9A19-D0133104E9D1"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:beta7:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "84821A43-C507-4FD5-A84B-5BE082859070"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:beta8:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "F61732A7-752B-4A97-ACA1-A29A36027A56"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:dev:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "876A57E6-94C2-4DFD-B50D-5B203151987E"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:rc1:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "6B69B61F-B56C-48EB-88EE-4FB38700D24D"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:rc10:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "F9064372-0DF8-4F89-B042-10DFDAC84456"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:rc2:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "3C51D5C4-C7A7-41C8-9BED-2107A015DA10"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:rc3:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "468CABE0-584A-40F5-AF91-755A507C0FE7"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:rc4:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "464C64F4-A890-4073-8550-E1A007605E6F"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:rc5:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "8B601EDF-1873-4039-A08C-A8995C2B5FFE"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:rc6:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "4DCB4083-DA35-4813-9A45-33C689345B87"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:rc7:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "2BCC5096-C2EE-4DF0-A1F7-98901A012D48"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:rc8:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "F2C1B27E-B00D-4C5A-A413-8518F7178918"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.0:rc9:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "D6785F02-BDA9-498A-8CA7-4868A1176A94"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.1:*:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "9C0A5400-1223-4053-B3A8-FD4E26935348"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.2:*:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "F0928046-0CF5-46BC-960A-345C82513308"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.3:*:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "C8790FCF-B4D5-40B4-BF7C-35A62CA97764"}, {"criteria": "cpe:2.3:a:quiz_module_project:quiz:6.x-4.4:*:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "B136315D-EA4E-42FE-9DEF-C745DF1E35EA"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

5.0 /10