Lucene search

[email protected]NVD:CVE-2015-8602

HistoryDec 17, 2015 - 7:59 p.m.

CVE-2015-8602

2015-12-1719:59:14

CWE-200

[email protected]

web.nvd.nist.gov

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.5%

JSON

The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which embeds a rendered entity in the main node.

Affected configurations

NVD

Node

token_insert_entity_projecttoken_insert_entityMatch7.x-1.0drupal

References

www.drupal.org/node/2571905

www.drupal.org/node/2627638

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.5%

JSON

Related for NVD:CVE-2015-8602

drupal1 cve1 prion1 cvelist1