CVE-2016-9449 – drupal/core

Package

Manager: composer
Name: drupal/core
Vulnerable Version: >=7.0 <7.52 || >=8.0 <8.2.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00348 pctl0.56645

Details

Drupal sensitive information disclosure The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.

Metadata

Created: 2022-05-17T03:05:27Z
Modified: 2024-04-23T22:17:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p745-347h-hjfw/GHSA-p745-347h-hjfw.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-p745-347h-hjfw
Finding: F038
Auto approve: 1