CVE-2014-1476
Drupal 7.x < 7.26 - Authenticated Information Disclosure via Taxonomy Module
Title source: llmDescription
The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page.
References (5)
Core 5
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2847
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/64973
Various Sources x_refsource_confirm
https://drupal.org/SA-CORE-2014-001
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56260
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2014:031
Scores
EPSS
0.0036
EPSS Percentile
58.4%
Details
CWE
CWE-264
Status
published
Products (18)
drupal/drupal
7.0 (16 CPE variants)
drupal/drupal
7.1
drupal/drupal
7.2
drupal/drupal
7.10
drupal/drupal
7.11
drupal/drupal
7.12
drupal/drupal
7.13
drupal/drupal
7.14
drupal/drupal
7.15
drupal/drupal
7.16
... and 8 more
Published
Jan 24, 2014
Tracked Since
Feb 18, 2026