{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-04-29T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-05-13T09:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/449030"}, {"name": "34778", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/34778"}, {"name": "ADV-2009-1212", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1212"}, {"name": "34955", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34955"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1507", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://drupal.org/node/449030", "refsource": "CONFIRM", "url": "http://drupal.org/node/449030"}, {"name": "34778", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34778"}, {"name": "ADV-2009-1212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1212"}, {"name": "34955", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34955"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:13:25.753Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/449030"}, {"name": "34778", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/34778"}, {"name": "ADV-2009-1212", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1212"}, {"name": "34955", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34955"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1507", "datePublished": "2009-05-01T17:00:00.000Z", "dateReserved": "2009-05-01T00:00:00.000Z", "dateUpdated": "2024-08-07T05:13:25.753Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:5.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "258146DF-AE15-409C-BE70-725982EA136C", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:5.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A1007E9C-8634-4A8E-8A36-5F337F766BD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:5.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "30D3C011-FEBF-4435-8F9D-19B5187D090F", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:5.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B92368BC-20A6-42B5-889D-53AB1BA028B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:5.x-1.4:*:*:*:*:*:*:*", "matchCriteriaId": "17D553E7-8EBB-4EAC-A9F3-E1524F7AA154", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:5.x-2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "EAF88146-F2AB-4A49-BE0B-5EE56BF180DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:5.x-2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "7E6A50E4-6B5C-4683-B3F9-7FDEFB9F0CCA", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:5.x-2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "A2360CB4-D4F4-462D-B0BC-4E44C91D98E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F30F5EBC-0350-4D2B-9145-DB9AF13A90AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "942B1BC4-11AE-42F4-BD8D-83898432DC3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "5F7C7F90-9FEF-4D31-9643-5D92AF7F1D34", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.4:*:*:*:*:*:*:*", "matchCriteriaId": "BD0A18F6-8EE6-41D8-AF69-FFAABEB47661", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.5:*:*:*:*:*:*:*", "matchCriteriaId": "66824B75-7E7E-45CA-9D9D-F916D4C8B9D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.6:*:*:*:*:*:*:*", "matchCriteriaId": "ADA0F06E-3674-4816-9BBE-8B1668B71E7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4E7AAAB4-D435-400E-8532-201A96EF93A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "2102783C-0725-4BC0-B809-BFB32E8E1330", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "08CD2483-246B-4987-B20B-383C0E1A989C", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "00E69FB5-6D7E-4830-B371-C36D4F512030", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-2.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "4AEDC123-2E18-4181-A1D7-412641D2249A", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:nodeaccess_userreference:6.x-2.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "5735D8E8-3B78-4ED4-80F5-5C5BC16658AF", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node."}, {"lang": "es", "value": "El m\u00f3dulo Node Access User Reference v5.x anterior a v5.x-2.0-beta4 y v6.x anterior a v6.x-2.0-beta6, un m\u00f3dulo para Drupal, interpreta un referencia a usuario CCK vac\u00eda como una referencia al usuario an\u00f3nimo, lo cual puede permitir a atacantes remotos eludir las restricciones de acceso para leer o modificar un nodo."}], "id": "CVE-2009-1507", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-05-01T17:30:00.547", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/449030"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/34955"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/34778"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/1212"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/449030"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/34955"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/34778"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1212"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}