Lucene search

K
archlinuxArch LinuxASA-201510-21
HistoryOct 23, 2015 - 12:00 a.m.

drupal: open redirect

2015-10-2300:00:00
Arch Linux
lists.archlinux.org
10

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

61.0%

The Overlay module in Drupal core displays administrative pages as a
layer over the current page (using JavaScript), rather than replacing
the page in the browser window. The Overlay module does not sufficiently
validate URLs prior to displaying their contents, leading to an open
redirect vulnerability.

This vulnerability is mitigated by the fact that it can only be used
against site users who have the "Access the administrative overlay"
permission, and that the Overlay module must be enabled.

OSVersionArchitecturePackageVersionFilename
anyanyanydrupal< 7.41-1UNKNOWN

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

61.0%

Related for ASA-201510-21