3.5

CVE-2015-7229

EPSS 0.17%
Veröffentlicht 17.09.2015 16:59:08
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the (1) "post to twitter" permission or change the options for arbitrary attached accounts by leveraging the (2) "add twitter accounts" or (3) "add authenticated twitter accounts" permission.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Twitter Project ≫ Twitter Version6.x-5.0 SwPlatformdrupal

Twitter Project ≫ Twitter Version6.x-5.1 SwPlatformdrupal

Twitter Project ≫ Twitter Version6.x-5.x Updatedev SwPlatformdrupal

Twitter Project ≫ Twitter Version7.x-5.0 SwPlatformdrupal

Twitter Project ≫ Twitter Version7.x-5.1 SwPlatformdrupal

Twitter Project ≫ Twitter Version7.x-5.2 SwPlatformdrupal

Twitter Project ≫ Twitter Version7.x-5.3 SwPlatformdrupal

Twitter Project ≫ Twitter Version7.x-5.4 SwPlatformdrupal

Twitter Project ≫ Twitter Version7.x-5.5 SwPlatformdrupal

Twitter Project ≫ Twitter Version7.x-5.6 SwPlatformdrupal

Twitter Project ≫ Twitter Version7.x-5.7 SwPlatformdrupal

Twitter Project ≫ Twitter Version7.x-5.8 SwPlatformdrupal

Twitter Project ≫ Twitter Version7.x-6.0 Updatealpha1 SwPlatformdrupal

Twitter Project ≫ Twitter Version7.x-6.0 Updatealpha2 SwPlatformdrupal

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.341

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

https://www.drupal.org/node/2559981

Patch

https://www.drupal.org/node/2559985

Patch

https://www.drupal.org/node/2559989

Patch

https://www.drupal.org/node/2565827

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-7229

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-7229

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-7229

EUVD