Описание
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | only affects drupal 8 |
| esm-apps/xenial | not-affected | only affects drupal 8 |
| esm-infra-legacy/trusty | not-affected | only affects drupal 8 |
| precise | not-affected | only affects drupal 8 |
| trusty | not-affected | only affects drupal 8 |
| trusty/esm | not-affected | only affects drupal 8 |
| upstream | not-affected | only affects drupal 8 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | not-affected | only affects drupal 8 |
Показывать по
10
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
CVSS3: 7.5
nvd
больше 8 лет назад
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
CVSS3: 7.5
debian
больше 8 лет назад
The user password reset form in Drupal 8.x before 8.2.3 allows remote ...
CVSS3: 7.5
github
около 3 лет назад
Drupal Incorrect cache context on password reset page
5 Medium
CVSS2
7.5 High
CVSS3