5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.005 Low
EPSS
Percentile
76.5%
Incorrect cache handling made private content viewed by “user 1” exposed to other, non-privileged users (CVE-2015-3231). A flaw in the Field UI module made it possible for attackers to redirect users to malicious sites (CVE-2015-3232). Due to insufficient URL validation, the Overlay module could be used to redirect users to malicious sites (CVE-2015-3233). The OpenID module allowed an attacker to log in as other users, including administrators (CVE-2015-3234).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | drupal | < 7.38-1 | drupal-7.38-1.mga4 |
Mageia | 5 | noarch | drupal | < 7.38-1 | drupal-7.38-1.mga5 |
bugs.mageia.org/show_bug.cgi?id=16147
www.debian.org/security/2015/dsa-3291
www.drupal.org/drupal-7.36
www.drupal.org/drupal-7.36-release-notes
www.drupal.org/drupal-7.37
www.drupal.org/drupal-7.37-release-notes
www.drupal.org/drupal-7.38
www.drupal.org/drupal-7.38-release-notes
www.drupal.org/SA-CORE-2015-002