Опубликовано: 25 нояб. 2016
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5
Описание
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | only affects drupal 8 |
| esm-apps/xenial | not-affected | only affects drupal 8 |
| esm-infra-legacy/trusty | not-affected | only affects drupal 8 |
| precise | not-affected | only affects drupal 8 |
| trusty | not-affected | only affects drupal 8 |
| trusty/esm | not-affected | only affects drupal 8 |
| upstream | not-affected | only affects drupal 8 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | not-affected | only affects drupal 8 |
Показывать по
10
EPSS
Процентиль: 45%
0.00227
Низкий
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
CVSS3: 7.5
nvd
около 9 лет назад
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
CVSS3: 7.5
debian
около 9 лет назад
The user password reset form in Drupal 8.x before 8.2.3 allows remote ...
CVSS3: 7.5
github
больше 3 лет назад
Drupal Incorrect cache context on password reset page
EPSS
Процентиль: 45%
0.00227
Низкий
5 Medium
CVSS2
7.5 High
CVSS3