Lucene search

MitreCVE-2015-7229

HistorySep 17, 2015 - 4:59 p.m.

CVE-2015-7229

2015-09-1716:59:08

CWE-264

mitre

web.nvd.nist.gov

cve-2015-7229

twitter module

drupal

unauthorized access

remote user

nvd

security vulnerability

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

49.7%

JSON

The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the (1) “post to twitter” permission or change the options for arbitrary attached accounts by leveraging the (2) “add twitter accounts” or (3) “add authenticated twitter accounts” permission.

Affected configurations

Nvd

Node

twitter_projecttwitterMatch6.x-5.0drupal

twitter_projecttwitterMatch6.x-5.1drupal

twitter_projecttwitterMatch6.x-5.xdevdrupal

twitter_projecttwitterMatch7.x-5.0drupal

twitter_projecttwitterMatch7.x-5.1drupal

twitter_projecttwitterMatch7.x-5.2drupal

twitter_projecttwitterMatch7.x-5.3drupal

twitter_projecttwitterMatch7.x-5.4drupal

twitter_projecttwitterMatch7.x-5.5drupal

twitter_projecttwitterMatch7.x-5.6drupal

twitter_projecttwitterMatch7.x-5.7drupal

twitter_projecttwitterMatch7.x-5.8drupal

twitter_projecttwitterMatch7.x-6.0alpha1drupal

twitter_projecttwitterMatch7.x-6.0alpha2drupal

VendorProductVersionCPE
twitter_projecttwitter6.x-5.0cpe:2.3:a:twitter_project:twitter:6.x-5.0:*:*:*:*:drupal:*:*
twitter_projecttwitter6.x-5.1cpe:2.3:a:twitter_project:twitter:6.x-5.1:*:*:*:*:drupal:*:*
twitter_projecttwitter6.x-5.xcpe:2.3:a:twitter_project:twitter:6.x-5.x:dev:*:*:*:drupal:*:*
twitter_projecttwitter7.x-5.0cpe:2.3:a:twitter_project:twitter:7.x-5.0:*:*:*:*:drupal:*:*
twitter_projecttwitter7.x-5.1cpe:2.3:a:twitter_project:twitter:7.x-5.1:*:*:*:*:drupal:*:*
twitter_projecttwitter7.x-5.2cpe:2.3:a:twitter_project:twitter:7.x-5.2:*:*:*:*:drupal:*:*
twitter_projecttwitter7.x-5.3cpe:2.3:a:twitter_project:twitter:7.x-5.3:*:*:*:*:drupal:*:*
twitter_projecttwitter7.x-5.4cpe:2.3:a:twitter_project:twitter:7.x-5.4:*:*:*:*:drupal:*:*
twitter_projecttwitter7.x-5.5cpe:2.3:a:twitter_project:twitter:7.x-5.5:*:*:*:*:drupal:*:*
twitter_projecttwitter7.x-5.6cpe:2.3:a:twitter_project:twitter:7.x-5.6:*:*:*:*:drupal:*:*

Vendor	Product	Version	CPE
twitter_project	twitter	6.x-5.0	cpe:2.3:a:twitter_project:twitter:6.x-5.0:::::drupal::
twitter_project	twitter	6.x-5.1	cpe:2.3:a:twitter_project:twitter:6.x-5.1:::::drupal::
twitter_project	twitter	6.x-5.x	cpe:2.3:a:twitter_project:twitter:6.x-5.x:dev::::drupal::*
twitter_project	twitter	7.x-5.0	cpe:2.3:a:twitter_project:twitter:7.x-5.0:::::drupal::
twitter_project	twitter	7.x-5.1	cpe:2.3:a:twitter_project:twitter:7.x-5.1:::::drupal::
twitter_project	twitter	7.x-5.2	cpe:2.3:a:twitter_project:twitter:7.x-5.2:::::drupal::
twitter_project	twitter	7.x-5.3	cpe:2.3:a:twitter_project:twitter:7.x-5.3:::::drupal::
twitter_project	twitter	7.x-5.4	cpe:2.3:a:twitter_project:twitter:7.x-5.4:::::drupal::
twitter_project	twitter	7.x-5.5	cpe:2.3:a:twitter_project:twitter:7.x-5.5:::::drupal::
twitter_project	twitter	7.x-5.6	cpe:2.3:a:twitter_project:twitter:7.x-5.6:::::drupal::

Rows per page:

1-10 of 141

References

www.drupal.org/node/2559981

www.drupal.org/node/2559985

www.drupal.org/node/2559989

www.drupal.org/node/2565827

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

49.7%

JSON

Related for CVE-2015-7229