CVE-2015-4375

The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:*:*:*:*:drupal:*:*
cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.1:*:*:*:*:drupal:*:*
cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.2:*:*:*:*:drupal:*:*
cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.3:*:*:*:*:drupal:*:*
cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.4:*:*:*:*:drupal:*:*
cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.5:*:*:*:*:drupal:*:*
cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.6:*:*:*:*:drupal:*:*
cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.6:rc1:*:*:*:drupal:*:*

History

21 Nov 2024, 02:30

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2015/03/22/35 - () http://www.openwall.com/lists/oss-security/2015/03/22/35 -
References () http://www.openwall.com/lists/oss-security/2015/04/25/6 - () http://www.openwall.com/lists/oss-security/2015/04/25/6 -
References () https://www.drupal.org/node/2454883 - Patch () https://www.drupal.org/node/2454883 - Patch
References () https://www.drupal.org/node/2454909 - Patch, Vendor Advisory () https://www.drupal.org/node/2454909 - Patch, Vendor Advisory

Information

Published : 2015-06-15 14:59

Updated : 2024-11-21 02:30


NVD link : CVE-2015-4375

Mitre link : CVE-2015-4375

CVE.ORG link : CVE-2015-4375


JSON object : View

Products Affected

chaos_tool_suite_project

  • ctools
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor