CVE-2015-4355

{"id": "CVE-2015-4355", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-06-15T14:59:09.937", "references": [{"url": "http://www.openwall.com/lists/oss-security/2015/04/25/6", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/72810", "source": "cve@mitre.org"}, {"url": "https://www.drupal.org/node/2437993", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Watchdog Aggregator module for Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable monitoring sites via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en el m\u00f3dulo Watchdog Aggregator para Drupal permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que habilitan o deshabilitan sitios de monitorizaci\u00f3n a trav\u00e9s de vectores no especificados."}], "lastModified": "2016-06-09T21:38:45.683", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:watchdog_aggregator_project:watchdog_aggregator:*:*:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "057B2EB3-B837-4812-BFBC-EEED4A9A1A6B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}