Drupal Chaos tool suite (ctools) Module Information

by Carol~ Moderator - 4/4/13 10:46 AM

In Reply to: VULNERABILITIES / FIXES - April 04, 2013 by Carol~ Moderator

Drupal Chaos tool suite (ctools) Module Information Disclosure Security Issue

Release Date : 2013-04-04

Criticality level : Less critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status: Vendor Patch

Software: Drupal Chaos tool suite (ctools) Module 7.x

Description:
A security issue has been reported in the Chaos tool suite (ctools) module for Drupal, which can be exploited by malicious users to disclose potentially sensitive information.

The security issue is caused due to the application not properly restricting access to node titles and can be exploited to e.g. disclose titles of restricted nodes.

Successful exploitation of this security issue requires a role with "access content" permission.

The security issue is reported in versions 7.x-1.x prior to 7.x.1-3.

Solution:
Update to version 7.x-1.3.

Provided and/or discovered by:
The vendor credits Greg Knaddison, Drupal Security Team and Cash Williams.

Original Advisory:
SA-CONTRIB-2013-041:
http://drupal.org/node/1960406

http://secunia.com/advisories/52822/