CVE-2015-5512

Published Aug 18, 2015

Last updated 8 years ago

CVSS info 5.0

Overview

Description: The me aliases module 6.x-2.x before 6.x-2.10 and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to access Views using the "me" user argument handler by substituting "me" for a user id in a URL.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-284

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:me_aliases_project:me_aliases:6.x-2.0:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F189EC0-DBF2-447C-A4BB-AE627DCB9B68"
          },
          {
            "criteria": "cpe:2.3:a:me_aliases_project:me_aliases:6.x-2.1:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9BF2147-D2A9-44A4-9B03-BF06F1E9CEF7"
          },
          {
            "criteria": "cpe:2.3:a:me_aliases_project:me_aliases:6.x-2.2:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08696759-3D97-4E68-A041-A36478918D00"
          },
          {
            "criteria": "cpe:2.3:a:me_aliases_project:me_aliases:6.x-2.3:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF1C4CFB-C69C-44C8-A0DC-13EC191B6E53"
          },
          {
            "criteria": "cpe:2.3:a:me_aliases_project:me_aliases:6.x-2.4:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A6CE0FD-5FDF-4431-922F-4766B0934BB3"
          },
          {
            "criteria": "cpe:2.3:a:me_aliases_project:me_aliases:6.x-2.5:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3A3EAE1-13DC-4E9E-8463-3DAA046D9775"
          },
          {
            "criteria": "cpe:2.3:a:me_aliases_project:me_aliases:6.x-2.6:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08D0C466-8FCC-45E4-A519-ABB71D18D567"
          },
          {
            "criteria": "cpe:2.3:a:me_aliases_project:me_aliases:6.x-2.7:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF6B5FD0-8ED9-4391-BBDF-A1ECEFBA2286"
          },
          {
            "criteria": "cpe:2.3:a:me_aliases_project:me_aliases:6.x-2.8:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0E8293A-3450-4CBD-8B79-BC703E2AA6FD"
          },
          {
            "criteria": "cpe:2.3:a:me_aliases_project:me_aliases:6.x-2.9:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E824A40-A314-4A4C-85D9-6D434E48FC61"
          },
          {
            "criteria": "cpe:2.3:a:me_aliases_project:me_aliases:7.x-1.0:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80140322-A0F6-4195-9EA5-3C8A2083CAAE"
          },
          {
            "criteria": "cpe:2.3:a:me_aliases_project:me_aliases:7.x-1.1:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68C5D992-A321-4174-8000-CEFC1AFC4817"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References