Lucene search

[email protected]CVE-2015-4364

HistoryJun 15, 2015 - 2:59 p.m.

CVE-2015-4364

2015-06-1514:59:19

CWE-352

[email protected]

web.nvd.nist.gov

cve-2015-4364

csrf

vulnerabilities

campaign monitor module

drupal

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.5%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in includes/campaignmonitor_lists.admin.inc in the Campaign Monitor module 7.x-1.0 for Drupal allow remote attackers to hijack the authentication of users for requests that (1) enable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/enable or (2) disable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/disable. NOTE: this refers to an issue in an independently developed Drupal module, and NOT an issue in the Campaign Monitor software itself (described on the campaignmonitor.com web site).

Affected configurations

NVD

Node

campaign_monitor_projectcampaign_monitorMatch7.x-1.0drupal

CPENameOperatorVersion
campaign_monitor_project:campaign_monitorcampaign monitor project campaign monitoreq7.x-1.0

CPE	Name	Operator	Version
campaign_monitor_project:campaign_monitor	campaign monitor project campaign monitor	eq	7.x-1.0

References

www.openwall.com/lists/oss-security/2015/04/25/6

www.securityfocus.com/bid/72953

www.drupal.org/node/2445971

www.drupal.org/node/2449747

www.drupal.org/node/2452569

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.5%

JSON

Related for CVE-2015-4364

prion1 cvelist1 drupal1 nvd1