Lucene search

[email protected]CVE-2015-7229

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2015-7229

2022-10-0316:15:56

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-7229

twitter module

drupal

unauthorized access

remote user

nvd

security vulnerability

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.2%

JSON

The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the (1) “post to twitter” permission or change the options for arbitrary attached accounts by leveraging the (2) “add twitter accounts” or (3) “add authenticated twitter accounts” permission.

Affected configurations

NVD

Node

twitter_projecttwitterMatch6.x-5.0drupal

twitter_projecttwitterMatch6.x-5.1drupal

twitter_projecttwitterMatch6.x-5.xdevdrupal

twitter_projecttwitterMatch7.x-5.0drupal

twitter_projecttwitterMatch7.x-5.1drupal

twitter_projecttwitterMatch7.x-5.2drupal

twitter_projecttwitterMatch7.x-5.3drupal

twitter_projecttwitterMatch7.x-5.4drupal

twitter_projecttwitterMatch7.x-5.5drupal

twitter_projecttwitterMatch7.x-5.6drupal

twitter_projecttwitterMatch7.x-5.7drupal

twitter_projecttwitterMatch7.x-5.8drupal

twitter_projecttwitterMatch7.x-6.0alpha1drupal

twitter_projecttwitterMatch7.x-6.0alpha2drupal

CPENameOperatorVersion
twitter_project:twittertwitter project twittereq6.x-5.0
twitter_project:twittertwitter project twittereq6.x-5.1
twitter_project:twittertwitter project twittereq6.x-5.x
twitter_project:twittertwitter project twittereq7.x-5.0
twitter_project:twittertwitter project twittereq7.x-5.1
twitter_project:twittertwitter project twittereq7.x-5.2
twitter_project:twittertwitter project twittereq7.x-5.3
twitter_project:twittertwitter project twittereq7.x-5.4
twitter_project:twittertwitter project twittereq7.x-5.5
twitter_project:twittertwitter project twittereq7.x-5.6

CPE	Name	Operator	Version
twitter_project:twitter	twitter project twitter	eq	6.x-5.0
twitter_project:twitter	twitter project twitter	eq	6.x-5.1
twitter_project:twitter	twitter project twitter	eq	6.x-5.x
twitter_project:twitter	twitter project twitter	eq	7.x-5.0
twitter_project:twitter	twitter project twitter	eq	7.x-5.1
twitter_project:twitter	twitter project twitter	eq	7.x-5.2
twitter_project:twitter	twitter project twitter	eq	7.x-5.3
twitter_project:twitter	twitter project twitter	eq	7.x-5.4
twitter_project:twitter	twitter project twitter	eq	7.x-5.5
twitter_project:twitter	twitter project twitter	eq	7.x-5.6

Rows per page:

1-10 of 131

References

www.drupal.org/node/2559981

www.drupal.org/node/2559985

www.drupal.org/node/2559989

www.drupal.org/node/2565827

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.2%

JSON

Related for CVE-2015-7229

prion1 nvd1 drupal1 cvelist1