CVE-2016-9449

CWE-200 — Information Exposure8 documents5 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 55.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Drupal Core Drupal Drupal

Timeline

PublishedNov 25

Latest updateMay 17

Description

The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶Packagistdrupal/core7.0 — 7.52+1

▶Packagistdrupal/drupal8.0 — 8.2.3+1

▶NVDdrupal/drupal62 versions+61

Patches

Patch: www.drupal.org ↗Patch: www.drupal.org ↗

🔴Vulnerability Details

GHSA

Drupal sensitive information disclosure↗2022-05-17

▶

OSV

Drupal sensitive information disclosure↗2022-05-17

▶

CVEList

CVE-2016-9449: The taxonomy module in Drupal 7↗2016-11-25

▶

OSV

CVE-2016-9449: The taxonomy module in Drupal 7↗2016-11-25

▶

💬Community

Bugzilla

CVE-2016-9449 CVE-2016-9450 CVE-2016-9451 CVE-2016-9452 drupal: Multiple vulnerabilities fixed in 7.52↗2016-11-18

▶

Bugzilla

CVE-2016-9449 CVE-2016-9450 CVE-2016-9451 CVE-2016-9452 drupal7: drupal: Multiple vulnerabilities fixed in 7.52 [epel-all]↗2016-11-18

▶

Bugzilla

CVE-2016-9449 CVE-2016-9450 CVE-2016-9451 CVE-2016-9452 drupal7: drupal: Multiple vulnerabilities fixed in 7.52 [fedora-all]↗2016-11-18

▶