2 matches found
CVE-2015-8601
CVE-2015-8601 affects the Drupal Chat Room module for Drupal 7.x (versions before 7.x-2.2). The vulnerability arises from insufficient permission checks when establishing a websocket for chat messages, enabling remote attackers to bypass access controls and read messages in arbitrary chat rooms v...
Chat Room - Moderately Critical - Access Bypass - SA-CONTRIB-2015-169
Chat Room enables site owners to integrate chats into nodes by adding the chat room field to them. The module relies on a websocket connection to send chat messages to the client. The module doesn't sufficiently validate access before setting up the websocket. As a result, users may receive...