Unauthenticated Access to Unpublished Content in Drupal Revisioning Module

Unauthenticated Access to Unpublished Content in Drupal Revisioning Module

CVE-2013-4597 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

Learn more about our User Device Pen Test.