CVE-2015-5502

The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspecified impact via unknown vectors.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:storage_api_project:storage_api:7.x-1.0:*:*:*:*:drupal:*:*
cpe:2.3:a:storage_api_project:storage_api:7.x-1.1:*:*:*:*:drupal:*:*
cpe:2.3:a:storage_api_project:storage_api:7.x-1.2:*:*:*:*:drupal:*:*
cpe:2.3:a:storage_api_project:storage_api:7.x-1.3:*:*:*:*:drupal:*:*
cpe:2.3:a:storage_api_project:storage_api:7.x-1.4:*:*:*:*:drupal:*:*
cpe:2.3:a:storage_api_project:storage_api:7.x-1.5:*:*:*:*:drupal:*:*
cpe:2.3:a:storage_api_project:storage_api:7.x-1.6:*:*:*:*:drupal:*:*
cpe:2.3:a:storage_api_project:storage_api:7.x-1.7:*:*:*:*:drupal:*:*

History

21 Nov 2024, 02:33

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2015/07/04/4 - () http://www.openwall.com/lists/oss-security/2015/07/04/4 -
References () http://www.securityfocus.com/bid/74867 - () http://www.securityfocus.com/bid/74867 -
References () https://www.drupal.org/node/2495895 - Patch () https://www.drupal.org/node/2495895 - Patch
References () https://www.drupal.org/node/2495903 - Patch, Vendor Advisory () https://www.drupal.org/node/2495903 - Patch, Vendor Advisory

Information

Published : 2015-08-18 18:00

Updated : 2024-11-21 02:33


NVD link : CVE-2015-5502

Mitre link : CVE-2015-5502

CVE.ORG link : CVE-2015-5502


JSON object : View

Products Affected

storage_api_project

  • storage_api
CWE
CWE-284

Improper Access Control