CVE-2015-7229

Опубликовано: 17 сент. 2015

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the (1) "post to twitter" permission or change the options for arbitrary attached accounts by leveraging the (2) "add twitter accounts" or (3) "add authenticated twitter accounts" permission.

Ссылки

https://www.drupal.org/node/2559981
Patch
https://www.drupal.org/node/2559985
Patch
https://www.drupal.org/node/2559989
Patch
https://www.drupal.org/node/2565827
Patch
Vendor Advisory
https://www.drupal.org/node/2559981
Patch
https://www.drupal.org/node/2559985
Patch
https://www.drupal.org/node/2559989
Patch
https://www.drupal.org/node/2565827
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:twitter_project:twitter:6.x-5.0:*:*:*:*:drupal:*:*

cpe:2.3:a:twitter_project:twitter:6.x-5.1:*:*:*:*:drupal:*:*

cpe:2.3:a:twitter_project:twitter:6.x-5.x:dev:*:*:*:drupal:*:*

cpe:2.3:a:twitter_project:twitter:7.x-5.0:*:*:*:*:drupal:*:*

cpe:2.3:a:twitter_project:twitter:7.x-5.1:*:*:*:*:drupal:*:*

cpe:2.3:a:twitter_project:twitter:7.x-5.2:*:*:*:*:drupal:*:*

cpe:2.3:a:twitter_project:twitter:7.x-5.3:*:*:*:*:drupal:*:*

cpe:2.3:a:twitter_project:twitter:7.x-5.4:*:*:*:*:drupal:*:*

cpe:2.3:a:twitter_project:twitter:7.x-5.5:*:*:*:*:drupal:*:*

cpe:2.3:a:twitter_project:twitter:7.x-5.6:*:*:*:*:drupal:*:*

cpe:2.3:a:twitter_project:twitter:7.x-5.7:*:*:*:*:drupal:*:*

cpe:2.3:a:twitter_project:twitter:7.x-5.8:*:*:*:*:drupal:*:*

cpe:2.3:a:twitter_project:twitter:7.x-6.0:alpha1:*:*:*:drupal:*:*

cpe:2.3:a:twitter_project:twitter:7.x-6.0:alpha2:*:*:*:drupal:*:*

EPSS

Процентиль: 38%

0.00165

Низкий

3.5 Low

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-3x8h-v4j3-pvc2

github

больше 3 лет назад