Lucene search

[email protected]CVE-2015-5491

HistoryAug 18, 2015 - 5:59 p.m.

CVE-2015-5491

2015-08-1817:59:36

CWE-200

[email protected]

web.nvd.nist.gov

cve-2015-5491

dynamic display block module

drupal

access restriction bypass

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.1%

JSON

The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users to bypass intended access restrictions and read sensitive titles by leveraging the “administer ddblock” permission.

Affected configurations

NVD

Node

dynamic_display_block_projectdynamic_display_blockMatch7.x-1.0beta1drupal

dynamic_display_block_projectdynamic_display_blockMatch7.x-1.0rc1drupal

dynamic_display_block_projectdynamic_display_blockMatch7.x-1.xdevdrupal

CPENameOperatorVersion
dynamic_display_block_project:dynamic_display_blockdynamic display block project dynamic display blockeq7.x-1.0
dynamic_display_block_project:dynamic_display_blockdynamic display block project dynamic display blockeq7.x-1.x

CPE	Name	Operator	Version
dynamic_display_block_project:dynamic_display_block	dynamic display block project dynamic display block	eq	7.x-1.0
dynamic_display_block_project:dynamic_display_block	dynamic display block project dynamic display block	eq	7.x-1.x

References

www.openwall.com/lists/oss-security/2015/07/04/4

www.drupal.org/node/2484157

www.drupal.org/node/2504965

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.1%

JSON

Related for CVE-2015-5491

prion1 drupal1 cvelist1 nvd1