CVE-2008-1731 Information

Description

The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes which might allow remote attackers to bypass intended access restrictions and read or modify nodes in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking.

Reference

http://drupal.org/node/244560 http://secunia.com/advisories/29772 http://www.osvdb.org/44271 http://www.securityfocus.com/bid/28720 http://www.vupen.com/english/advisories/2008/1184 https://exchange.xforce.ibmcloud.com/vulnerabilities/41756