Lucene search

[email protected]CVE-2015-7305

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2015-7305

2022-10-0316:15:56

CWE-200

[email protected]

web.nvd.nist.gov

cve-2015-7305

scald module

drupal

access restriction

remote attackers

sensitive information

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

51.0%

JSON

The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a “debug context.”

Affected configurations

NVD

Node

owsscaldMatch7.x-1.0

owsscaldMatch7.x-1.0alpha1

owsscaldMatch7.x-1.0alpha2

owsscaldMatch7.x-1.0beta1

owsscaldMatch7.x-1.0beta2

owsscaldMatch7.x-1.0beta3

owsscaldMatch7.x-1.0beta4

owsscaldMatch7.x-1.0rc1

owsscaldMatch7.x-1.0rc2

owsscaldMatch7.x-1.0rc3

owsscaldMatch7.x-1.0rc4

owsscaldMatch7.x-1.1

owsscaldMatch7.x-1.2

owsscaldMatch7.x-1.3

owsscaldMatch7.x-1.4

CPENameOperatorVersion
ows:scaldows scaldeq7.x-1.0
ows:scaldows scaldeq7.x-1.1
ows:scaldows scaldeq7.x-1.2
ows:scaldows scaldeq7.x-1.3
ows:scaldows scaldeq7.x-1.4