Lucene search
HistoryApr 21, 2015 - 4:59 p.m.
CVE-2015-3355
cve-2015-3355
drupal
batch jobs
csrf
cross-site request forgery
security vulnerability
nvd
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
59.6%
Multiple cross-site request forgery (CSRF) vulnerabilities in the Batch Jobs module before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of certain users for requests that (1) delete a batch job record or (2) execute a task via unspecified vectors.
Affected configurations
Node
batch_jobs_projectbatch_jobsRange≤7.x-1.1drupal
| CPE | Name | Operator | Version |
|---|---|---|---|
| batch_jobs_project:batch_jobs | batch jobs project batch jobs | le | 7.x-1.1 |
Related
cvelist
cvelist
CVE-2015-3355
2015-04-21 16:00:00
prion
prion
Cross site request forgery (csrf)
2015-04-21 16:59:00
nvd
nvd
CVE-2015-3355
2015-04-21 16:59:14
drupal
drupal
SA-CONTRIB-2015-008 - Batch Jobs - Cross Site Request Forgery (CSRF)
2015-01-07 00:00:00
SA-CONTRIB-2015-014 - Wishlist - Multiple vulnerabilities
2015-01-14 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
59.6%
Related for CVE-2015-3355