Vulnerabilites related to views_project - views
cve-2015-5490
Vulnerability from cvelistv5
Published
2015-08-18 17:00
Modified
2024-08-06 06:50
Severity ?
EPSS score ?
Summary
The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
https://www.drupal.org/node/2480327 | x_refsource_MISC | |
https://www.drupal.org/node/2480259 | x_refsource_CONFIRM | |
https://www.drupal.org/node/2475669 | x_refsource_MISC | |
http://www.securityfocus.com/bid/74462 | vdb-entry, x_refsource_BID | |
http://www.openwall.com/lists/oss-security/2015/07/04/4 | mailing-list, x_refsource_MLIST | |
http://cgit.drupalcode.org/views/commit/?id=cef693b | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:50:02.460Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.drupal.org/node/2480327", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.drupal.org/node/2480259", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.drupal.org/node/2475669", }, { name: "74462", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/74462", }, { name: "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/07/04/4", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://cgit.drupalcode.org/views/commit/?id=cef693b", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-04-29T00:00:00", descriptions: [ { lang: "en", value: "The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.drupal.org/node/2480327", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.drupal.org/node/2480259", }, { tags: [ "x_refsource_MISC", ], url: "https://www.drupal.org/node/2475669", }, { name: "74462", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/74462", }, { name: "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/07/04/4", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://cgit.drupalcode.org/views/commit/?id=cef693b", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-5490", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.drupal.org/node/2480327", refsource: "MISC", url: "https://www.drupal.org/node/2480327", }, { name: "https://www.drupal.org/node/2480259", refsource: "CONFIRM", url: "https://www.drupal.org/node/2480259", }, { name: "https://www.drupal.org/node/2475669", refsource: "MISC", url: "https://www.drupal.org/node/2475669", }, { name: "74462", refsource: "BID", url: "http://www.securityfocus.com/bid/74462", }, { name: "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/07/04/4", }, { name: "http://cgit.drupalcode.org/views/commit/?id=cef693b", refsource: "CONFIRM", url: "http://cgit.drupalcode.org/views/commit/?id=cef693b", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-5490", datePublished: "2015-08-18T17:00:00", dateReserved: "2015-07-10T00:00:00", dateUpdated: "2024-08-06T06:50:02.460Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-3378
Vulnerability from cvelistv5
Published
2015-04-21 18:00
Modified
2024-08-06 05:47
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to the break lock page for edited views.
References
▼ | URL | Tags |
---|---|---|
https://www.drupal.org/node/2424403 | x_refsource_MISC | |
https://www.drupal.org/node/2424103 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2015/02/13/12 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/72590 | vdb-entry, x_refsource_BID | |
https://www.drupal.org/node/2424101 | x_refsource_CONFIRM | |
https://www.drupal.org/node/2424097 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:47:57.406Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.drupal.org/node/2424403", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.drupal.org/node/2424103", }, { name: "[oss-security] 20150213 CVE requests for Drupal contributed modules", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/02/13/12", }, { name: "72590", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/72590", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.drupal.org/node/2424101", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.drupal.org/node/2424097", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-02-11T00:00:00", descriptions: [ { lang: "en", value: "Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to the break lock page for edited views.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-29T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.drupal.org/node/2424403", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.drupal.org/node/2424103", }, { name: "[oss-security] 20150213 CVE requests for Drupal contributed modules", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/02/13/12", }, { name: "72590", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/72590", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.drupal.org/node/2424101", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.drupal.org/node/2424097", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-3378", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to the break lock page for edited views.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.drupal.org/node/2424403", refsource: "MISC", url: "https://www.drupal.org/node/2424403", }, { name: "https://www.drupal.org/node/2424103", refsource: "CONFIRM", url: "https://www.drupal.org/node/2424103", }, { name: "[oss-security] 20150213 CVE requests for Drupal contributed modules", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/02/13/12", }, { name: "72590", refsource: "BID", url: "http://www.securityfocus.com/bid/72590", }, { name: "https://www.drupal.org/node/2424101", refsource: "CONFIRM", url: "https://www.drupal.org/node/2424101", }, { name: "https://www.drupal.org/node/2424097", refsource: "CONFIRM", url: "https://www.drupal.org/node/2424097", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-3378", datePublished: "2015-04-21T18:00:00", dateReserved: "2015-04-21T00:00:00", dateUpdated: "2024-08-06T05:47:57.406Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-1887
Vulnerability from cvelistv5
Published
2013-03-27 23:00
Modified
2024-09-16 20:57
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/51540 | third-party-advisory, x_refsource_SECUNIA | |
http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html | x_refsource_MISC | |
http://drupal.org/node/1948358 | x_refsource_MISC | |
http://www.osvdb.org/91576 | vdb-entry, x_refsource_OSVDB | |
http://www.openwall.com/lists/oss-security/2013/03/25/4 | mailing-list, x_refsource_MLIST | |
http://seclists.org/fulldisclosure/2013/Mar/193 | mailing-list, x_refsource_FULLDISC | |
http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2013/03/22/8 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/58621 | vdb-entry, x_refsource_BID | |
http://drupal.org/node/1948354 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T15:20:36.930Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "51540", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/51540", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://drupal.org/node/1948358", }, { name: "91576", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/91576", }, { name: "[oss-security] 20130325 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/03/25/4", }, { name: "20130320 [Security-news] SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2013/Mar/193", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac", }, { name: "[oss-security] 20130322 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/03/22/8", }, { name: "58621", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/58621", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://drupal.org/node/1948354", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-03-27T23:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "51540", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/51540", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html", }, { tags: [ "x_refsource_MISC", ], url: "http://drupal.org/node/1948358", }, { name: "91576", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/91576", }, { name: "[oss-security] 20130325 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/03/25/4", }, { name: "20130320 [Security-news] SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2013/Mar/193", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac", }, { name: "[oss-security] 20130322 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/03/22/8", }, { name: "58621", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/58621", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://drupal.org/node/1948354", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-1887", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "51540", refsource: "SECUNIA", url: "http://secunia.com/advisories/51540", }, { name: "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html", }, { name: "http://drupal.org/node/1948358", refsource: "MISC", url: "http://drupal.org/node/1948358", }, { name: "91576", refsource: "OSVDB", url: "http://www.osvdb.org/91576", }, { name: "[oss-security] 20130325 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2013/03/25/4", }, { name: "20130320 [Security-news] SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2013/Mar/193", }, { name: "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac", refsource: "CONFIRM", url: "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac", }, { name: "[oss-security] 20130322 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2013/03/22/8", }, { name: "58621", refsource: "BID", url: "http://www.securityfocus.com/bid/58621", }, { name: "http://drupal.org/node/1948354", refsource: "CONFIRM", url: "http://drupal.org/node/1948354", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-1887", datePublished: "2013-03-27T23:00:00Z", dateReserved: "2013-02-19T00:00:00Z", dateUpdated: "2024-09-16T20:57:54.581Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-3379
Vulnerability from cvelistv5
Published
2015-04-21 18:00
Modified
2024-09-16 17:19
Severity ?
EPSS score ?
Summary
The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
https://www.drupal.org/node/2424403 | x_refsource_MISC | |
https://www.drupal.org/node/2424103 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2015/02/13/12 | mailing-list, x_refsource_MLIST | |
https://www.drupal.org/node/2424101 | x_refsource_CONFIRM | |
https://www.drupal.org/node/2424097 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:47:57.789Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.drupal.org/node/2424403", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.drupal.org/node/2424103", }, { name: "[oss-security] 20150213 CVE requests for Drupal contributed modules", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/02/13/12", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.drupal.org/node/2424101", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.drupal.org/node/2424097", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2015-04-21T18:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.drupal.org/node/2424403", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.drupal.org/node/2424103", }, { name: "[oss-security] 20150213 CVE requests for Drupal contributed modules", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/02/13/12", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.drupal.org/node/2424101", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.drupal.org/node/2424097", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-3379", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.drupal.org/node/2424403", refsource: "MISC", url: "https://www.drupal.org/node/2424403", }, { name: "https://www.drupal.org/node/2424103", refsource: "CONFIRM", url: "https://www.drupal.org/node/2424103", }, { name: "[oss-security] 20150213 CVE requests for Drupal contributed modules", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/02/13/12", }, { name: "https://www.drupal.org/node/2424101", refsource: "CONFIRM", url: "https://www.drupal.org/node/2424101", }, { name: "https://www.drupal.org/node/2424097", refsource: "CONFIRM", url: "https://www.drupal.org/node/2424097", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-3379", datePublished: "2015-04-21T18:00:00Z", dateReserved: "2015-04-21T00:00:00Z", dateUpdated: "2024-09-16T17:19:11.727Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2015-08-18 17:59
Modified
2024-11-21 02:33
Severity ?
Summary
The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
views_project | views | 7.x-3.5 | |
views_project | views | 7.x-3.6 | |
views_project | views | 7.x-3.7 | |
views_project | views | 7.x-3.8 | |
views_project | views | 7.x-3.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:views_project:views:7.x-3.5:*:*:*:*:drupal:*:*", matchCriteriaId: "15890CE7-5208-4DD1-BCAC-2809091145D2", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.6:*:*:*:*:drupal:*:*", matchCriteriaId: "2D7AEF4E-57D4-4126-B013-0E9EA29F1875", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.7:*:*:*:*:drupal:*:*", matchCriteriaId: "013171AE-1195-496C-AF2E-450DA98A2D60", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.8:*:*:*:*:drupal:*:*", matchCriteriaId: "F1D695A3-33F1-4E15-BA91-AF7A3C153D16", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.10:*:*:*:*:drupal:*:*", matchCriteriaId: "17D783C7-6DC2-4113-BA1E-021162A302DE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad en el método _views_fetch_data en includes/cache.inc en el módulo Views 7.x-3.5 hasta 7.x-3.10 para Drupal, no reconstruye la caché completa si la caché estática no está vacía, lo que permite a atacantes remotos eludir los filtros previstos y obtener acceso a contenido oculto a través de vectores no especificados.", }, ], id: "CVE-2015-5490", lastModified: "2024-11-21T02:33:07.773", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-08-18T17:59:31.833", references: [ { source: "cve@mitre.org", url: "http://cgit.drupalcode.org/views/commit/?id=cef693b", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/07/04/4", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/74462", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "https://www.drupal.org/node/2475669", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://www.drupal.org/node/2480259", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.drupal.org/node/2480327", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://cgit.drupalcode.org/views/commit/?id=cef693b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/07/04/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/74462", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://www.drupal.org/node/2475669", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://www.drupal.org/node/2480259", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.drupal.org/node/2480327", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-27 23:55
Modified
2024-11-21 01:50
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.1 | |
views_project | views | 7.x-3.2 | |
views_project | views | 7.x-3.3 | |
views_project | views | 7.x-3.4 | |
views_project | views | 7.x-3.5 | |
views_project | views | 7.x-3.x | |
drupal | drupal | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:*:*:*:*:*:*:*", matchCriteriaId: "A4DD5CD4-BE1E-4CD0-8154-E71F194EC21C", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:alpha1:*:*:*:*:*:*", matchCriteriaId: "575313F3-ADA8-409F-A46F-DFD851B157E6", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:beta1:*:*:*:*:*:*", matchCriteriaId: "66F77966-456C-42A4-ADBB-FA220214FB2F", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:beta2:*:*:*:*:*:*", matchCriteriaId: "B7B59C40-649C-40DD-A09F-CA3EA51291D8", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:beta3:*:*:*:*:*:*", matchCriteriaId: "59EED1F0-CF33-4F87-A51E-B30F2C025FBA", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:rc1:*:*:*:*:*:*", matchCriteriaId: "B409004F-1282-4AB6-8455-CB2095A45C10", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:rc3:*:*:*:*:*:*", matchCriteriaId: "6FFF9294-F089-4D34-8C35-974132F22B58", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.1:*:*:*:*:*:*:*", matchCriteriaId: "568E9296-C2AD-4D80-9327-F9A0DCBB5917", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.2:*:*:*:*:*:*:*", matchCriteriaId: "E087F61C-07A5-4037-A282-A460CBE616E3", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.3:*:*:*:*:*:*:*", matchCriteriaId: "50EB9D66-120E-426D-B3E9-1EAC8CB14D98", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.4:*:*:*:*:*:*:*", matchCriteriaId: "FA161F50-6EBD-4B3C-8BE7-AFB13B29A0CF", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.5:*:*:*:*:*:*:*", matchCriteriaId: "49A7C3D5-EDFA-4728-B84D-69C864351494", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.x:dev:*:*:*:*:*:*", matchCriteriaId: "6E62EF74-120B-4474-9660-22803BF41A6A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", matchCriteriaId: "F8B1170D-AD33-4C7A-892D-63AC71B032CF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields.", }, { lang: "es", value: "Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el modulo Views v7.x-3.x anterior a v7.x-3.6 para Drupal permite a usuarios autenticados remotamente con algunos permisos inyectar secuencias de comandos web o HTML a través de ciertos campos de la vista de configuración.", }, ], id: "CVE-2013-1887", lastModified: "2024-11-21T01:50:35.350", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-03-27T23:55:01.047", references: [ { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://drupal.org/node/1948354", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://drupal.org/node/1948358", }, { source: "secalert@redhat.com", url: "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac", }, { source: "secalert@redhat.com", url: "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html", }, { source: "secalert@redhat.com", url: "http://seclists.org/fulldisclosure/2013/Mar/193", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51540", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2013/03/22/8", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2013/03/25/4", }, { source: "secalert@redhat.com", url: "http://www.osvdb.org/91576", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/58621", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://drupal.org/node/1948354", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://drupal.org/node/1948358", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2013/Mar/193", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51540", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2013/03/22/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2013/03/25/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/91576", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/58621", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-04-21 18:59
Modified
2024-11-21 02:29
Severity ?
Summary
Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to the break lock page for edited views.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
views_project | views | * | |
views_project | views | 6.x-3.0 | |
views_project | views | 6.x-3.0 | |
views_project | views | 6.x-3.0 | |
views_project | views | 6.x-3.0 | |
views_project | views | 6.x-3.0 | |
views_project | views | 6.x-3.0 | |
views_project | views | 6.x-3.0 | |
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.1 | |
views_project | views | 7.x-3.2 | |
views_project | views | 7.x-3.3 | |
views_project | views | 7.x-3.4 | |
views_project | views | 7.x-3.5 | |
views_project | views | 7.x-3.6 | |
views_project | views | 7.x-3.7 | |
views_project | views | 7.x-3.8 | |
views_project | views | 7.x-3.x |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:views_project:views:*:*:*:*:*:drupal:*:*", matchCriteriaId: "B55B9FFA-050B-494C-8CCF-64A58B30C636", versionEndIncluding: "6.x-2.16", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:6.x-3.0:*:*:*:*:drupal:*:*", matchCriteriaId: "67DB3ABB-09F3-4488-80EB-ED4F2FC131B4", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:6.x-3.0:alpha1:*:*:*:drupal:*:*", matchCriteriaId: "24E2ABAF-D005-41C0-99D3-F912BE6393A5", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:6.x-3.0:alpha2:*:*:*:drupal:*:*", matchCriteriaId: "BADD153C-08A4-42D2-8BA5-46D86C3AE866", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:6.x-3.0:alpha3:*:*:*:drupal:*:*", matchCriteriaId: "BF48BAA5-A710-43AC-88E5-0635DA155F95", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:6.x-3.0:alpha4:*:*:*:drupal:*:*", matchCriteriaId: "57466CFA-637A-46C8-BED7-380D4BF8A8E6", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:6.x-3.0:rc2:*:*:*:drupal:*:*", matchCriteriaId: "4B211858-D225-4F38-9FC3-5AC21A39768D", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:6.x-3.0:rc3:*:*:*:drupal:*:*", matchCriteriaId: "7A7DD15E-DD70-4EF0-94ED-16BF00F8B9C8", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:*:*:*:*:drupal:*:*", matchCriteriaId: "104ACE80-30C2-41D6-8B97-A565577F3A31", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:alpha1:*:*:*:drupal:*:*", matchCriteriaId: "23C69C48-42D4-4997-B839-0B311211AC9B", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:beta1:*:*:*:drupal:*:*", matchCriteriaId: "A5804FE9-A757-481C-B5D5-99B751CB66C4", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:beta2:*:*:*:drupal:*:*", matchCriteriaId: "1557CBA7-8570-49F0-B824-FC1AD31D00D9", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:beta3:*:*:*:drupal:*:*", matchCriteriaId: "78654B23-2A8D-48C0-A2BF-465540B9A828", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:rc1:*:*:*:drupal:*:*", matchCriteriaId: "251A4DD3-FE81-436F-BDA8-292D9348E3DD", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:rc3:*:*:*:drupal:*:*", matchCriteriaId: "7EA55CB0-60B4-4F7A-AD16-66C417D51ABA", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.1:*:*:*:*:drupal:*:*", matchCriteriaId: "9ED1AC0A-7B86-4DFF-85B4-1B8F6A35E98D", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.2:*:*:*:*:drupal:*:*", matchCriteriaId: "6FE79CAF-4353-4D40-8FF9-B71E27D701ED", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.3:*:*:*:*:drupal:*:*", matchCriteriaId: "3230372F-FC76-4E3C-BD76-76A6B58FDD97", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.4:*:*:*:*:drupal:*:*", matchCriteriaId: "6872C0D0-D7EB-4B62-811B-704F445AC10A", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.5:*:*:*:*:drupal:*:*", matchCriteriaId: "15890CE7-5208-4DD1-BCAC-2809091145D2", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.6:*:*:*:*:drupal:*:*", matchCriteriaId: "2D7AEF4E-57D4-4126-B013-0E9EA29F1875", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.7:*:*:*:*:drupal:*:*", matchCriteriaId: "013171AE-1195-496C-AF2E-450DA98A2D60", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.8:*:*:*:*:drupal:*:*", matchCriteriaId: "F1D695A3-33F1-4E15-BA91-AF7A3C153D16", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.x:dev:*:*:*:drupal:*:*", matchCriteriaId: "216BEC38-653E-4CDD-A591-4C3DD0D96978", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to the break lock page for edited views.", }, { lang: "es", value: "Vulnerabilidad de la redirección abierta en el módulo Views anterior a 6.x-2.18, 6.x-3.x anterior a 6.x-3.2, y 7.x-3.x anterior a 7.x-3.10 para Drupal, cuando el submódulo Views UI está habilitado, permite a usuarios remotos autenticados redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de vectores relacionados con la página de interrupción del bloqueo para visualizaciones editadas.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/601.html\">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>", id: "CVE-2015-3378", lastModified: "2024-11-21T02:29:18.687", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4.9, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-04-21T18:59:00.110", references: [ { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/02/13/12", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/72590", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://www.drupal.org/node/2424097", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://www.drupal.org/node/2424101", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://www.drupal.org/node/2424103", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.drupal.org/node/2424403", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/02/13/12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/72590", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://www.drupal.org/node/2424097", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://www.drupal.org/node/2424101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://www.drupal.org/node/2424103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.drupal.org/node/2424403", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-04-21 18:59
Modified
2024-11-21 02:29
Severity ?
Summary
The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
views_project | views | * | |
views_project | views | 6.x-3.0 | |
views_project | views | 6.x-3.0 | |
views_project | views | 6.x-3.0 | |
views_project | views | 6.x-3.0 | |
views_project | views | 6.x-3.0 | |
views_project | views | 6.x-3.0 | |
views_project | views | 6.x-3.0 | |
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.0 | |
views_project | views | 7.x-3.1 | |
views_project | views | 7.x-3.2 | |
views_project | views | 7.x-3.3 | |
views_project | views | 7.x-3.4 | |
views_project | views | 7.x-3.5 | |
views_project | views | 7.x-3.6 | |
views_project | views | 7.x-3.7 | |
views_project | views | 7.x-3.8 | |
views_project | views | 7.x-3.x |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:views_project:views:*:*:*:*:*:drupal:*:*", matchCriteriaId: "B55B9FFA-050B-494C-8CCF-64A58B30C636", versionEndIncluding: "6.x-2.16", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:6.x-3.0:*:*:*:*:drupal:*:*", matchCriteriaId: "67DB3ABB-09F3-4488-80EB-ED4F2FC131B4", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:6.x-3.0:alpha1:*:*:*:drupal:*:*", matchCriteriaId: "24E2ABAF-D005-41C0-99D3-F912BE6393A5", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:6.x-3.0:alpha2:*:*:*:drupal:*:*", matchCriteriaId: "BADD153C-08A4-42D2-8BA5-46D86C3AE866", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:6.x-3.0:alpha3:*:*:*:drupal:*:*", matchCriteriaId: "BF48BAA5-A710-43AC-88E5-0635DA155F95", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:6.x-3.0:alpha4:*:*:*:drupal:*:*", matchCriteriaId: "57466CFA-637A-46C8-BED7-380D4BF8A8E6", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:6.x-3.0:rc2:*:*:*:drupal:*:*", matchCriteriaId: "4B211858-D225-4F38-9FC3-5AC21A39768D", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:6.x-3.0:rc3:*:*:*:drupal:*:*", matchCriteriaId: "7A7DD15E-DD70-4EF0-94ED-16BF00F8B9C8", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:*:*:*:*:drupal:*:*", matchCriteriaId: "104ACE80-30C2-41D6-8B97-A565577F3A31", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:alpha1:*:*:*:drupal:*:*", matchCriteriaId: "23C69C48-42D4-4997-B839-0B311211AC9B", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:beta1:*:*:*:drupal:*:*", matchCriteriaId: "A5804FE9-A757-481C-B5D5-99B751CB66C4", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:beta2:*:*:*:drupal:*:*", matchCriteriaId: "1557CBA7-8570-49F0-B824-FC1AD31D00D9", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:beta3:*:*:*:drupal:*:*", matchCriteriaId: "78654B23-2A8D-48C0-A2BF-465540B9A828", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:rc1:*:*:*:drupal:*:*", matchCriteriaId: "251A4DD3-FE81-436F-BDA8-292D9348E3DD", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.0:rc3:*:*:*:drupal:*:*", matchCriteriaId: "7EA55CB0-60B4-4F7A-AD16-66C417D51ABA", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.1:*:*:*:*:drupal:*:*", matchCriteriaId: "9ED1AC0A-7B86-4DFF-85B4-1B8F6A35E98D", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.2:*:*:*:*:drupal:*:*", matchCriteriaId: "6FE79CAF-4353-4D40-8FF9-B71E27D701ED", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.3:*:*:*:*:drupal:*:*", matchCriteriaId: "3230372F-FC76-4E3C-BD76-76A6B58FDD97", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.4:*:*:*:*:drupal:*:*", matchCriteriaId: "6872C0D0-D7EB-4B62-811B-704F445AC10A", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.5:*:*:*:*:drupal:*:*", matchCriteriaId: "15890CE7-5208-4DD1-BCAC-2809091145D2", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.6:*:*:*:*:drupal:*:*", matchCriteriaId: "2D7AEF4E-57D4-4126-B013-0E9EA29F1875", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.7:*:*:*:*:drupal:*:*", matchCriteriaId: "013171AE-1195-496C-AF2E-450DA98A2D60", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.8:*:*:*:*:drupal:*:*", matchCriteriaId: "F1D695A3-33F1-4E15-BA91-AF7A3C153D16", vulnerable: true, }, { criteria: "cpe:2.3:a:views_project:views:7.x-3.x:dev:*:*:*:drupal:*:*", matchCriteriaId: "216BEC38-653E-4CDD-A591-4C3DD0D96978", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors.", }, { lang: "es", value: "El módulo Views anterior a 6.x-2.18, 6.x-3.x anterior a 6.x-3.2, y 7.x-3.x anterior a 7.x-3.10 para Drupal no restringe correctamente el acceso a las configuraciones de visualizaciones por defecto, lo que permite a usuarios remotos autenticados obtener información sensible a través de vectores no especificados.", }, ], id: "CVE-2015-3379", lastModified: "2024-11-21T02:29:18.843", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-04-21T18:59:01.327", references: [ { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/02/13/12", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://www.drupal.org/node/2424097", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://www.drupal.org/node/2424101", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://www.drupal.org/node/2424103", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.drupal.org/node/2424403", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/02/13/12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://www.drupal.org/node/2424097", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://www.drupal.org/node/2424101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://www.drupal.org/node/2424103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.drupal.org/node/2424403", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }