Vigil@nce - Drupal Revisioning: information disclosure
November 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can read unpublished documents of Drupal Revisioning,
in order to obtain sensitive information.
– Impacted products: Drupal Modules
– Severity: 1/4
– Creation date: 14/11/2013
DESCRIPTION OF THE VULNERABILITY
The Drupal Revisioning modules sets up a publication workflow.
However, using the Scheduler module, and a module that modifies
the node access permissions table, an attacker can read
unpublished documents.
An attacker can therefore read unpublished documents of Drupal
Revisioning, in order to obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Drupal-Revisioning-information-disclosure-13779