The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obtain sensitive information via vectors related to the access handler.
References
Link | Resource |
---|---|
http://cgit.drupalcode.org/admin_views/commit/?id=44098bb | |
http://www.securityfocus.com/bid/75697 | |
https://www.drupal.org/node/2529366 | Patch |
https://www.drupal.org/node/2529378 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2015-09-17T16:00:00
Updated: 2016-11-25T19:57:01
Reserved: 2015-09-17T00:00:00
Link: CVE-2015-7226
JSON object: View
NVD Information
Status : Modified
Published: 2015-09-17T16:59:05.087
Modified: 2016-11-28T19:42:43.667
Link: CVE-2015-7226
JSON object: View
Redhat Information
No data.
CWE