Unrated severityNVD Advisory· Published Jul 19, 2014· Updated May 6, 2026
CVE-2013-4273
CVE-2013-4273
Description
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. CVE-2013-7391 was assigned for the View vector.
Affected products
16cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta10:*:*:*:drupal:*:*+ 15 more
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta10:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta11:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta1:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta2:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta3:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta4:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta5:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta6:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta7:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta8:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:beta9:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:*:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:rc1:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:rc2:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.0:rc3:*:*:*:drupal:*:*
- cpe:2.3:a:entity_api_project:entity_api:7.x-1.1:*:*:*:*:drupal:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- drupal.org/node/2065207nvdPatchVendor Advisory
- www.openwall.com/lists/oss-security/2013/08/22/2nvd
- drupal.org/node/2065197nvd
News mentions
0No linked articles in our index yet.