Lucene search

K
cve[email protected]CVE-2015-7226
HistorySep 17, 2015 - 4:59 p.m.

CVE-2015-7226

2015-09-1716:59:05
CWE-200
web.nvd.nist.gov
20
cve-2015-7226
drupal
administration views
information security
access permissions
vulnerability

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.2%

The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obtain sensitive information via vectors related to the access handler.

Affected configurations

NVD
Node
administration_views_projectadministration_viewsMatch7.x-1.0drupal
OR
administration_views_projectadministration_viewsMatch7.x-1.0rc1drupal
OR
administration_views_projectadministration_viewsMatch7.x-1.1drupal
OR
administration_views_projectadministration_viewsMatch7.x-1.2drupal
OR
administration_views_projectadministration_viewsMatch7.x-1.3drupal
OR
administration_views_projectadministration_viewsMatch7.x-1.4drupal
OR
administration_views_projectadministration_viewsMatch7.x-1.xdevdrupal

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.2%

Related for CVE-2015-7226