CVE-2015-5508

Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip providers" permission for requests that alter NCIP providers via a crafted request.

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2015/07/04/4
http://www.securityfocus.com/bid/75277
https://www.drupal.org/node/2507619	Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/07/04/4
http://www.securityfocus.com/bid/75277
https://www.drupal.org/node/2507619	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:the_extensible_catalog_drupal_toolkit_project:the_extensible_catalog_drupal_toolkit:-:*:*:*:*:drupal:*:*

History

21 Nov 2024, 02:33

Type	Values Removed	Values Added
References	~~() http://www.openwall.com/lists/oss-security/2015/07/04/4 -~~	() http://www.openwall.com/lists/oss-security/2015/07/04/4 -
References	~~() http://www.securityfocus.com/bid/75277 -~~	() http://www.securityfocus.com/bid/75277 -
References	~~() https://www.drupal.org/node/2507619 - Vendor Advisory~~	() https://www.drupal.org/node/2507619 - Vendor Advisory

Information

Published : 2015-08-18 18:00

Updated : 2024-11-21 02:33

NVD link : CVE-2015-5508

Mitre link : CVE-2015-5508

CVE.ORG link : CVE-2015-5508

JSON object : View

Products Affected

the_extensible_catalog_drupal_toolkit_project

the_extensible_catalog_drupal_toolkit

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2015-5508", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-08-18T18:00:13.817", "references": [{"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/75277", "source": "cve@mitre.org"}, {"url": "https://www.drupal.org/node/2507619", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/75277", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.drupal.org/node/2507619", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the \"administer ncip providers\" permission for requests that alter NCIP providers via a crafted request."}, {"lang": "es", "value": "Vulnerabilidad CSRF en el m\u00f3dulo XC NCIP Provider en el eXtensible Catalog (XC) Drupal Toolkit, permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios con los permisos de 'administer ncip providers' para solicitudes que alteran los proveedores NCIP a trav\u00e9s de una petici\u00f3n manipulada."}], "lastModified": "2024-11-21T02:33:10.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:the_extensible_catalog_drupal_toolkit_project:the_extensible_catalog_drupal_toolkit:-:*:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "5011E576-A5E7-4C52-9526-F0F22B4DBB3E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}