Lucene search
MitreCVE-2015-3356HistoryApr 21, 2015 - 4:59 p.m.
CVE-2015-3356
2015-04-2116:59:15
CWE-352
mitre
web.nvd.nist.gov
22
cve-2015-3356
csrf
tadaa! module
drupal
remote attackers
authentication
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.5
Confidence
Low
EPSS
0.002
Percentile
52.7%
Multiple cross-site request forgery (CSRF) vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) enable or (2) disable modules or (3) change variables via unspecified vectors.
Affected configurations
Node
tadaa\!_projecttadaa\!Range≤7.x-1.3drupal
| Vendor | Product | Version | CPE |
|---|---|---|---|
| tadaa\!_project | tadaa\! | * | cpe:2.3:a:tadaa\!_project:tadaa\!:*:*:*:*:*:drupal:*:* |
Related
prion
prion
Cross site request forgery (csrf)
2015-04-21 16:59:00
cvelist
cvelist
CVE-2015-3356
2015-04-21 16:00:00
nvd
nvd
CVE-2015-3356
2015-04-21 16:59:15
drupal
drupal
SA-CONTRIB-2015-016 - Tadaa! - Multiple vulnerabilities
2015-01-14 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.5
Confidence
Low
EPSS
0.002
Percentile
52.7%
Related for CVE-2015-3356