The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspecified impact via unknown vectors.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2015/07/04/4 | |
http://www.securityfocus.com/bid/74867 | |
https://www.drupal.org/node/2495895 | Patch |
https://www.drupal.org/node/2495903 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2015-08-18T17:00:00
Updated: 2016-11-25T19:57:01
Reserved: 2015-07-10T00:00:00
Link: CVE-2015-5502
JSON object: View
NVD Information
Status : Modified
Published: 2015-08-18T18:00:06.737
Modified: 2016-11-28T19:33:52.450
Link: CVE-2015-5502
JSON object: View
Redhat Information
No data.
CWE