exploitDog

CVE-2015-4397

Опубликовано: 15 июн. 2015

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in the Node Template module for Drupal allows remote attackers to hijack the authentication of users with the "access node template" permission for requests that delete node templates via unspecified vectors.

Ссылки

http://www.openwall.com/lists/oss-security/2015/04/25/6
https://www.drupal.org/node/2475955
Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/04/25/6
https://www.drupal.org/node/2475955
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:node_template_project:node_template:*:*:*:*:*:drupal:*:*

EPSS

Процентиль: 31%

0.00116

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-9gw2-f522-3m5q

github

больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in the Node Template module for Drupal allows remote attackers to hijack the authentication of users with the "access node template" permission for requests that delete node templates via unspecified vectors.

EPSS

Процентиль: 31%

0.00116

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352