Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2015-4389
HistoryJun 15, 2015 - 2:59 p.m.

CVE-2015-4389

2015-06-1514:59:44
CWE-264
mitre
web.nvd.nist.gov
24
drupal
open graph importer
og_tag_importer
cve-2015-4389
nvd
security vulnerability

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

46.7%

JSON

The Open Graph Importer (og_tag_importer) 7.x-1.x for Drupal does not properly check the create permission for content types created during import, which allows remote authenticated users to bypass intended restrictions by leveraging the “import og_tag_importer” permission.

Affected configurations

Nvd
Node
open_graph_importer_projectopen_graph_importerMatch7.x-1.0drupal
VendorProductVersionCPE
open_graph_importer_projectopen_graph_importer7.x-1.0cpe:2.3:a:open_graph_importer_project:open_graph_importer:7.x-1.0:*:*:*:*:drupal:*:*

Related

nvd 1
drupal 1
cvelist 1
prion 1
nvd
nvd
CVE-2015-4389
2015-06-15 14:59:44
drupal
drupal
Open Graph Importer - Moderately Critical - Access bypass - Unsupported - SA-CONTRIB-2015-092
2015-04-01 00:00:00
cvelist
cvelist
CVE-2015-4389
2015-06-15 14:00:00
prion
prion
Open redirect
2015-06-15 14:59:00

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

46.7%

JSON
Related for CVE-2015-4389
nvd1drupal1cvelist1prion1