← Back

CVE-2015-4375

nvd nist
Published: Jun 15, 2015Modified: May 6, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:P/I:N/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.

Affected (8)

Chaos Tool Suite Project
1 product
Ctools
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Ctools
Version 7.x-1.0
Ctools
Version 7.x-1.1
Ctools
Version 7.x-1.2
Ctools
Version 7.x-1.3
Ctools
Version 7.x-1.4
Ctools
Version 7.x-1.5
Ctools
Version 7.x-1.6
Ctools
Version 7.x-1.6 rc1

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Patch
Source: cve@mitre.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.