CVE-2015-7305

The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a "debug context."
References
Link Resource
https://www.drupal.org/node/2569621 Patch Vendor Advisory
https://www.drupal.org/node/2569631 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ows:scald:7.x-1.0:*:*:*:*:*:*:*
cpe:2.3:a:ows:scald:7.x-1.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:ows:scald:7.x-1.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:ows:scald:7.x-1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:ows:scald:7.x-1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:ows:scald:7.x-1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:ows:scald:7.x-1.0:beta4:*:*:*:*:*:*
cpe:2.3:a:ows:scald:7.x-1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:ows:scald:7.x-1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:ows:scald:7.x-1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:ows:scald:7.x-1.0:rc4:*:*:*:*:*:*
cpe:2.3:a:ows:scald:7.x-1.1:*:*:*:*:*:*:*
cpe:2.3:a:ows:scald:7.x-1.2:*:*:*:*:*:*:*
cpe:2.3:a:ows:scald:7.x-1.3:*:*:*:*:*:*:*
cpe:2.3:a:ows:scald:7.x-1.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-09-21 19:59

Updated : 2024-02-28 15:21


NVD link : CVE-2015-7305

Mitre link : CVE-2015-7305

CVE.ORG link : CVE-2015-7305


JSON object : View

Products Affected

ows

  • scald
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor