Description
Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page.
Remediation
References
Related Vulnerabilities
WordPress Plugin API Bearer Auth Cross-Site Scripting (20181229)
WordPress Plugin BizLibrary Cross-Site Scripting (1.1)
OpenSSL Cryptographic Issues Vulnerability (CVE-2014-3572)
Jenkins Origin Validation Error Vulnerability (CVE-2024-23898)
WordPress Plugin Docket Cache-Object Cache Accelerator Cross-Site Scripting (21.08.01)