drupal | Drupal Security Team | DRUPAL-SA-CONTRIB-2015-151
Sep 16, 2015 - 12:00 a.m.

Scald - Moderately Critical - Information Disclosure - SA-CONTRIB-2015-151

2015-09-16 00:00:00
Drupal Security Team
www.drupal.org

CVSS2: 5 Medium

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
  • Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.001 Low (Percentile: 51.0%)

This module enables you to easily manage your media assets and re-use them in all your content.

The module provided a “debug” context that gave access to all the atom properties, including all the fields attached to this atom, without applying the corresponding field restrictions.

This vulnerability is mitigated by the fact that only sites that added fields to an atom type and then restricted access to those fields are vulnerable.

CVE identifier(s) issued

  • CVE-2015-7305

Versions affected

  • Scald 7.x-1.x versions prior to 7.x-1.5.

Drupal core is not affected. If you do not use the contributed Scald: Media Management made easy module, there is nothing you need to do.
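
As an added example (not part of the advisory or of the Scald project), the following check classifies an installed copy of the module against the affected range above by reading the `version` line of its `.info` file. The file name `scald.info`, the sample file contents and the function names are assumptions made for illustration.

```python
import re

# Fixed release named in the advisory: Scald 7.x-1.5.
FIXED_PATCH = 5
# Only the 7.x-1.x branch is listed; group 2 captures any trailing suffix.
VERSION_RE = re.compile(r'^7\.x-1\.(\d+|x)(.*)$')


def info_version(info_text):
    """Return the `version` value from a Drupal 7 .info file, or None."""
    for line in info_text.splitlines():
        line = line.strip()
        if line.startswith(';'):          # .info comment line
            continue
        key, sep, value = line.partition('=')
        if sep and key.strip() == 'version':
            return value.strip().strip('"\'')
    return None


def scald_status(info_text):
    """Classify scald.info contents against SA-CONTRIB-2015-151.

    Returns 'affected', 'fixed', 'unknown' or 'not_listed'.
    """
    version = info_version(info_text)
    if version is None:
        return 'unknown'                  # e.g. a checkout with no packaged version line
    m = VERSION_RE.match(version)
    if not m:
        return 'not_listed'               # branch the advisory does not mention
    patch, suffix = m.groups()
    if patch == 'x' or suffix:
        return 'unknown'                  # -dev / pre-release: not decidable from the string
    return 'affected' if int(patch) < FIXED_PATCH else 'fixed'


# Constructed sample, shaped like a packaged Drupal 7 module .info file.
SAMPLE_INFO = '''name = Scald
core = 7.x
; Information added by Drupal.org packaging script
version = "7.x-1.4"
project = "scald"
'''

if __name__ == '__main__':
    print(scald_status(SAMPLE_INFO))
```

A result of `unknown` means the version string alone cannot settle the question, so the copy should be compared against the 7.x-1.5 release by hand.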

Solution

Install the latest version:

  • If you use the Scald module for Drupal 7.x, upgrade to Scald 7.x-1.5

Also see the Scald: Media Management made easy project page.

Reported by

Fixed by

Coordinated by
