Drupal CCK "Node Reference" Module < 6.x-2.8 Security Bypass Vulnerability
High Nessus Network Monitor Plugin ID 5643
Synopsis
The remote web server is hosting a web application that is vulnerable to a security bypass attack.

Description
The remote web server hosts a Drupal install that uses the CCK "Node Reference" module. Versions of the CCK module earlier than 6.x-2.8 are potentially affected by a security bypass vulnerability. The module exposes a backend URL that the 'autocomplete' widget uses for asynchronous requests, and this URL fails to correctly check that the requesting user has field-level access to the source field.

Solution
Upgrade to Drupal CCK module 6.x-2.8 or later.
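
An added example, not part of the plugin or of the CCK project: a local audit check that reads the version line from a module .info file and applies the "earlier than 6.x-2.8" rule above. The function names, the handling of dev snapshots and pre-releases, and the sample .info content are assumptions made for this illustration.

```python
import re

FIXED = (2, 8)  # first fixed release named in the advisory: 6.x-2.8
_VERSION = re.compile(r"^(\d+)\.x-(\d+)\.(\d+|x)(?:-([a-z]+)\d*)?$")

def version_from_info(text):
    """Pull the packaged version string out of a Drupal .info file body."""
    m = re.search(r'^\s*version\s*=\s*"?([^"\s]+)"?\s*$', text, re.MULTILINE)
    return m.group(1) if m else None

def cck_status(version):
    """Classify a CCK version as 'affected', 'not_affected' or 'unknown'."""
    m = _VERSION.match((version or "").strip().lower())
    if not m or m.group(1) != "6":
        return "unknown"   # unparseable, or outside the 6.x branch the advisory covers
    if m.group(3) == "x":
        return "unknown"   # dev snapshot (6.x-2.x-dev): contents depend on build date
    release = (int(m.group(2)), int(m.group(3)))  # numeric, so 2.10 > 2.8
    if release < FIXED:
        return "affected"
    if release == FIXED and m.group(4):
        return "affected"  # assumption: 6.x-2.8-rc1 / -beta1 sort before final 6.x-2.8
    return "not_affected"

# Constructed sample, not taken from a real site.
SAMPLE_INFO = '''name = Node Reference
description = Defines a field type for referencing one node from another.
package = CCK
core = 6.x
version = "6.x-2.7"
'''

if __name__ == "__main__":
    found = version_from_info(SAMPLE_INFO)
    print(found, cck_status(found))
```

Treat an "unknown" result as a prompt for manual review rather than as a pass.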