Lucene search

MitreCVE-2019-25012

HistoryJan 01, 2021 - 1:15 a.m.

CVE-2019-25012

2021-01-0101:15:12

CWE-425

mitre

web.nvd.nist.gov

cve-2019-25012

webform report

drupal

remote attackers

submissions

rss.xml

security advisory

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.003

Percentile

68.0%

JSON

The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal’s security advisory policy.

Affected configurations

Nvd

Node

webform_report_projectwebform_reportMatch7.x-1.x-devdrupal

VendorProductVersionCPE
webform_report_projectwebform_report7.x-1.x-devcpe:2.3:a:webform_report_project:webform_report:7.x-1.x-dev:*:*:*:*:drupal:*:*

Vendor	Product	Version	CPE
webform_report_project	webform_report	7.x-1.x-dev	cpe:2.3:a:webform_report_project:webform_report:7.x-1.x-dev:::::drupal::

References

www.drupal.org/project/webform_report/issues/3101410

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.003

Percentile

68.0%

JSON

Related for CVE-2019-25012