Lucene search

[email protected]CVE-2015-4382

HistoryJun 15, 2015 - 2:59 p.m.

CVE-2015-4382

2015-06-1514:59:38

CWE-352

[email protected]

web.nvd.nist.gov

cve-2015-4382

csrf

drupal

invoice module

nvd

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.7%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) create, (2) delete, or (3) alter invoices via unspecified vectors.

Affected configurations

NVD

Node

invoice_projectinvoiceMatch6.x-1.1drupal

invoice_projectinvoiceMatch7.x-1.x-devdrupal

CPENameOperatorVersion
invoice_project:invoiceinvoice project invoiceeq6.x-1.1
invoice_project:invoiceinvoice project invoiceeq7.x-1.x-dev

CPE	Name	Operator	Version
invoice_project:invoice	invoice project invoice	eq	6.x-1.1
invoice_project:invoice	invoice project invoice	eq	7.x-1.x-dev

References

www.openwall.com/lists/oss-security/2015/04/25/6

www.securityfocus.com/bid/74345

www.drupal.org/node/2459337

www.drupal.org/node/2474135

www.drupal.org/node/2474139

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.7%

JSON

Related for CVE-2015-4382

cvelist1 prion1 nvd1 drupal1