PT-2015-6557 · Drupal · Ctools
Pere Orga
+1
·
Published
2015-06-15
·
Updated
2015-06-16
·
CVE-2015-4375
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ctools module versions 7.x-1.x through 7.x-1.6
Description
The issue allows remote attackers to obtain sensitive node titles. This can be achieved through an autocomplete search on custom entities without an access query tag or by leveraging knowledge of the ID of an entity.
Recommendations
For ctools module versions 7.x-1.x through 7.x-1.6, update to version 7.x-1.7 or later to resolve the issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ctools