exploitDog

CVE-2015-4383

Опубликовано: 15 июн. 2015

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in the Decisions module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that remove individual voters via unspecified vectors.

Ссылки

http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/74344
https://www.drupal.org/node/2459349
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/74344
https://www.drupal.org/node/2459349
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:decisions_project:decisions:6.x-1.1:*:*:*:*:drupal:*:*

EPSS

Процентиль: 32%

0.00126

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-fqv8-7pv4-8qp3

github

больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in the Decisions module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that remove individual voters via unspecified vectors.

EPSS

Процентиль: 32%

0.00126

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352