drupal6-cck

• Author: Miklos Vajna
• Vulnerable: 6.x_2.6-1
• Unaffected: 6.x_2.7-1locris1

Some vulnerabilities have been reported in the Drupal Content Construction Kit, which can be exploited by malicious users to disclose sensitive information.

1. A vulnerability in the CCK “Node Reference” module is caused due to improper validation of access levels, which can be exploited to gain view access to controlled nodes.
2. Another vulnerability in the “Node Reference” module is caused due to improper validation of access levels for a backend URL. This can be exploited to send direct queries to the backend URL and disclose node titles and IDs.

• Bug Tracker URL: http://bugs.frugalware.org/task/4243

CVEs:

• No CVE, see http://drupal.org/node/829566.