CVE-2016-6212
Published: 9 September 2016
The Views module 7.x-3.x before 7.x-3.14 in Drupal 7.x and the Views module in Drupal 8.x before 8.1.3 might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
drupal7 Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(Views module, not in core)
|
| trusty |
Not vulnerable
(Views module, not in core)
|
|
| upstream |
Not vulnerable
(Views module, not in core)
|
|
| wily |
Not vulnerable
(Views module, not in core)
|
|
| xenial |
Not vulnerable
(Views module, not in core)
|
|
|
drupal8 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| upstream |
Released
(8.1.3)
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.3 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |