CVE-2015-5491

Published Aug 18, 2015

Last updated 10 years ago

CVSS info 3.5

Overview

Description: The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users to bypass intended access restrictions and read sensitive titles by leveraging the "administer ddblock" permission.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dynamic_display_block_project:dynamic_display_block:7.x-1.0:beta1:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E476E22-75CC-47F4-BB73-1FADB097D385"
          },
          {
            "criteria": "cpe:2.3:a:dynamic_display_block_project:dynamic_display_block:7.x-1.0:rc1:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7C883C8-F376-4848-85B2-AE73F4FEE57F"
          },
          {
            "criteria": "cpe:2.3:a:dynamic_display_block_project:dynamic_display_block:7.x-1.x:dev:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C06148B-ED40-44B3-B740-DA6A5D35F500"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References