CVE-2015-7229

The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the (1) "post to twitter" permission or change the options for arbitrary attached accounts by leveraging the (2) "add twitter accounts" or (3) "add authenticated twitter accounts" permission.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:twitter_project:twitter:6.x-5.0:*:*:*:*:drupal:*:*
cpe:2.3:a:twitter_project:twitter:6.x-5.1:*:*:*:*:drupal:*:*
cpe:2.3:a:twitter_project:twitter:6.x-5.x:dev:*:*:*:drupal:*:*
cpe:2.3:a:twitter_project:twitter:7.x-5.0:*:*:*:*:drupal:*:*
cpe:2.3:a:twitter_project:twitter:7.x-5.1:*:*:*:*:drupal:*:*
cpe:2.3:a:twitter_project:twitter:7.x-5.2:*:*:*:*:drupal:*:*
cpe:2.3:a:twitter_project:twitter:7.x-5.3:*:*:*:*:drupal:*:*
cpe:2.3:a:twitter_project:twitter:7.x-5.4:*:*:*:*:drupal:*:*
cpe:2.3:a:twitter_project:twitter:7.x-5.5:*:*:*:*:drupal:*:*
cpe:2.3:a:twitter_project:twitter:7.x-5.6:*:*:*:*:drupal:*:*
cpe:2.3:a:twitter_project:twitter:7.x-5.7:*:*:*:*:drupal:*:*
cpe:2.3:a:twitter_project:twitter:7.x-5.8:*:*:*:*:drupal:*:*
cpe:2.3:a:twitter_project:twitter:7.x-6.0:alpha1:*:*:*:drupal:*:*
cpe:2.3:a:twitter_project:twitter:7.x-6.0:alpha2:*:*:*:drupal:*:*

History

21 Nov 2024, 02:36

Type Values Removed Values Added
References () https://www.drupal.org/node/2559981 - Patch () https://www.drupal.org/node/2559981 - Patch
References () https://www.drupal.org/node/2559985 - Patch () https://www.drupal.org/node/2559985 - Patch
References () https://www.drupal.org/node/2559989 - Patch () https://www.drupal.org/node/2559989 - Patch
References () https://www.drupal.org/node/2565827 - Patch, Vendor Advisory () https://www.drupal.org/node/2565827 - Patch, Vendor Advisory

Information

Published : 2015-09-17 16:59

Updated : 2024-11-21 02:36


NVD link : CVE-2015-7229

Mitre link : CVE-2015-7229

CVE.ORG link : CVE-2015-7229


JSON object : View

Products Affected

twitter_project

  • twitter
CWE
CWE-264

Permissions, Privileges, and Access Controls