CVE-2015-7880

Published: Sep 13, 2017Modified: May 13, 2026

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and knowledge of usernames.

Affected (7)

Products: Drupal: Drupal

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Drupal Drupal	Version 7.x-1.0
Drupal Drupal	Version 7.x-1.0 rc1
Drupal Drupal	Version 7.x-1.0 rc2
Drupal Drupal	Version 7.x-1.1
Drupal Drupal	Version 7.x-1.2
Drupal Drupal	Version 7.x-1.3
Drupal Drupal	Version 7.x-1.4

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://www.openwall.com/lists/oss-security/2015/10/21/2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/77023

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://www.drupal.org/node/2582015

Source: cve@mitre.org

MitigationVendor Advisory

https://www.drupal.org/node/2582283

Source: cve@mitre.org

Vendor Advisory

http://www.openwall.com/lists/oss-security/2015/10/21/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/77023

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.drupal.org/node/2582015

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://www.drupal.org/node/2582283

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.