CVE-2015-3404

Sažetak

The Certify module before 6.x-2.3 for Drupal does not properly perform node access checks, which allows remote authenticated users to bypass intended access restrictions and obtain sensitive PDF certificate information via vectors related to "showing (and creating) the PDF certificates."

Reference

http://www.openwall.com/lists/oss-security/2015/01/29/6
http://www.openwall.com/lists/oss-security/2015/04/21/8
http://www.securityfocus.com/bid/74282
https://www.drupal.org/node/2407081
https://www.drupal.org/node/2415947

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

06-12-2016 - 03:00

Objavljeno

22-04-2015 - 22:59