5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.005 Low
EPSS
Percentile
76.4%
Acquia Cloud Site Factory provides an environment and a robust set of tools that simplify management of many Drupal sites, allowing you to quickly deliver and manage any number of websites.
The module ships with a modified version of the core Overlay JavaScript file, which is vulnerable to an open redirect attack (see SA-CORE-2015-002).
Only sites with the Overlay module enabled are vulnerable.
Drupal core is not affected. If you do not use the contributed Acquia Cloud Site Factory Connector module, there is nothing you need to do.
Install the latest version:
Also see the Acquia Cloud Site Factory Connector project page.
twitter.com/drupalsecurity
www.drupal.org/contact
www.drupal.org/node/2507535
www.drupal.org/project/acsf
www.drupal.org/SA-CORE-2015-002
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/u/david_rothstein
www.drupal.org/u/pere-orga
www.drupal.org/u/scor
www.drupal.org/user/2700643
www.drupal.org/writing-secure-code