Описание
The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the "access administration pages" Drupal permission.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:twilio_project:twilio:7.x-1.1:*:*:*:*:drupal:*:*
cpe:2.3:a:twilio_project:twilio:7.x-1.2:*:*:*:*:drupal:*:*
cpe:2.3:a:twilio_project:twilio:7.x-1.4:*:*:*:*:drupal:*:*
cpe:2.3:a:twilio_project:twilio:7.x-1.5:*:*:*:*:drupal:*:*
cpe:2.3:a:twilio_project:twilio:7.x-1.6:*:*:*:*:drupal:*:*
cpe:2.3:a:twilio_project:twilio:7.x-1.8:*:*:*:*:drupal:*:*
cpe:2.3:a:twilio_project:twilio:7.x-1.9:*:*:*:*:drupal:*:*
EPSS
Процентиль: 37%
0.00157
Низкий
5.5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the "access administration pages" Drupal permission.
EPSS
Процентиль: 37%
0.00157
Низкий
5.5 Medium
CVSS2
Дефекты
CWE-264