CVE-2013-7066 Information

Description

The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private nodes titles by leveraging edit permissions to a node that references a private node.

Reference

https://drupal.org/node/2140229 https://drupal.org/node/2140237