Lucene search
HistorySep 17, 2015 - 4:59 p.m.
CVE-2015-7226
cve-2015-7226
drupal
administration views
information security
access permissions
vulnerability
6.3 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.004 Low
EPSS
Percentile
72.2%
The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obtain sensitive information via vectors related to the access handler.
Affected configurations
Node
administration_views_projectadministration_viewsMatch7.x-1.0drupal
ORadministration_views_projectadministration_viewsMatch7.x-1.0rc1drupal
ORadministration_views_projectadministration_viewsMatch7.x-1.1drupal
ORadministration_views_projectadministration_viewsMatch7.x-1.2drupal
ORadministration_views_projectadministration_viewsMatch7.x-1.3drupal
ORadministration_views_projectadministration_viewsMatch7.x-1.4drupal
ORadministration_views_projectadministration_viewsMatch7.x-1.xdevdrupal
Related
prion
prion
Information disclosure
2015-09-17 16:59:00
drupal
drupal
Administration Views - Critical - Information Disclosure - SA-CONTRIB-2015-132
2015-07-08 00:00:00
nvd
nvd
CVE-2015-7226
2015-09-17 16:59:05
cvelist
cvelist
CVE-2015-7226
2015-09-17 16:00:00
6.3 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.004 Low
EPSS
Percentile
72.2%
Related for CVE-2015-7226