PT-2015-7479 · Drupal · Drupal Twitter Module
Published: 2015-09-17 · Updated: 2015-09-22 · CVE-2015-7229
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Drupal Twitter module versions 6.x-5.x through 6.x-5.1
Drupal Twitter module versions 7.x-5.x through 7.x-5.8
Drupal Twitter module versions 7.x-6.x before 7.x-6.0
Description
The issue allows remote authenticated users to post tweets to arbitrary accounts by leveraging the "post to twitter" permission, or to change the options for arbitrary attached accounts by leveraging the "add twitter accounts" or "add authenticated twitter accounts" permission.
Recommendations
For Drupal Twitter module versions 6.x-5.x through 6.x-5.1, update to version 6.x-5.2 or later.
For Drupal Twitter module versions 7.x-5.x through 7.x-5.8, update to version 7.x-5.9 or later.
For Drupal Twitter module versions 7.x-6.x before 7.x-6.0, update to version 7.x-6.0 or later.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Drupal Twitter Module