CVE-2013-4609

REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:project-redcap:redcap:4.13.18:*:*:*:*:*:*:*
cpe:2.3:a:project-redcap:redcap:4.14.5:*:*:*:*:*:*:*
cpe:2.3:a:project-redcap:redcap:4.14.6:*:*:*:*:*:*:*
cpe:2.3:a:project-redcap:redcap:4.15.0:*:*:*:*:*:*:*
cpe:2.3:a:project-redcap:redcap:4.15.1:*:*:*:*:*:*:*
cpe:2.3:a:project-redcap:redcap:4.15.2:*:*:*:*:*:*:*
cpe:2.3:a:project-redcap:redcap:4.15.3:*:*:*:*:*:*:*
cpe:2.3:a:project-redcap:redcap:4.15.4:*:*:*:*:*:*:*
cpe:2.3:a:project-redcap:redcap:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:project-redcap:redcap:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:project-redcap:redcap:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:project-redcap:redcap:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:project-redcap:redcap:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:project-redcap:redcap:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:*
cpe:2.3:a:vanderbilt:redcap:4.14.0:*:*:*:*:*:*:*
cpe:2.3:a:vanderbilt:redcap:4.14.1:*:*:*:*:*:*:*
cpe:2.3:a:vanderbilt:redcap:4.14.2:*:*:*:*:*:*:*
cpe:2.3:a:vanderbilt:redcap:4.14.3:*:*:*:*:*:*:*
cpe:2.3:a:vanderbilt:redcap:4.14.4:*:*:*:*:*:*:*

History

21 Nov 2024, 01:55

Type Values Removed Values Added
References () http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf - () http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf -

01 Jul 2021, 16:58

Type Values Removed Values Added
CPE cpe:2.3:a:project-redcap:redcap:4.14.3:*:*:*:*:*:*:*
cpe:2.3:a:project-redcap:redcap:4.14.0:*:*:*:*:*:*:*
cpe:2.3:a:project-redcap:redcap:*:*:*:*:*:*:*:*
cpe:2.3:a:project-redcap:redcap:4.14.2:*:*:*:*:*:*:*
cpe:2.3:a:project-redcap:redcap:4.14.4:*:*:*:*:*:*:*
cpe:2.3:a:project-redcap:redcap:4.14.1:*:*:*:*:*:*:*
cpe:2.3:a:vanderbilt:redcap:4.14.4:*:*:*:*:*:*:*
cpe:2.3:a:vanderbilt:redcap:4.14.1:*:*:*:*:*:*:*
cpe:2.3:a:vanderbilt:redcap:4.14.0:*:*:*:*:*:*:*
cpe:2.3:a:vanderbilt:redcap:4.14.2:*:*:*:*:*:*:*
cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:*
cpe:2.3:a:vanderbilt:redcap:4.14.3:*:*:*:*:*:*:*

Information

Published : 2013-06-17 11:38

Updated : 2024-11-21 01:55


NVD link : CVE-2013-4609

Mitre link : CVE-2013-4609

CVE.ORG link : CVE-2013-4609


JSON object : View

Products Affected

project-redcap

  • redcap

vanderbilt

  • redcap
CWE
CWE-264

Permissions, Privileges, and Access Controls