Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| drupal/drupal(Packagist) | 7.0 | 7.14 | N/A |
CVSS Metrics
