PT-2015-7479 · Drupal · Drupal Twitter Module
Published: 2015-09-17 · Updated: 2015-09-22 · CVE-2015-7229
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Drupal Twitter module versions 6.x-5.x through 6.x-5.1
Drupal Twitter module versions 7.x-5.x through 7.x-5.8
Drupal Twitter module versions 7.x-6.x before 7.x-6.0
Description
The issue allows remote authenticated users to post tweets to arbitrary accounts by leveraging the "post to twitter" permission, or to change the options for arbitrary attached accounts by leveraging the "add twitter accounts" or "add authenticated twitter accounts" permission.
Recommendations
For Drupal Twitter module versions 6.x-5.x through 6.x-5.1, update to version 6.x-5.2 or later.
For Drupal Twitter module versions 7.x-5.x through 7.x-5.8, update to version 7.x-5.9 or later.
For Drupal Twitter module versions 7.x-6.x before 7.x-6.0, update to version 7.x-6.0 or later.
Affected Products
Drupal Twitter Module