Vulnerability Details: CVE-2015-5490
The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2015-5490
Probability of exploitation activity in the next 30 days: 0.79%
Percentile (the proportion of vulnerabilities scored at or below this one): ~79%
CVSS scores for CVE-2015-5490
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST |
CWE ids for CVE-2015-5490
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5490
- http://www.securityfocus.com/bid/74462
  Drupal Views Module Access Bypass Vulnerability
- http://cgit.drupalcode.org/views/commit/?id=cef693b
  Issue by das-peter: Ensure that we do not end up with broken views data cache entries. (cef693bc)
- http://www.openwall.com/lists/oss-security/2015/07/04/4
  oss-security - CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)
- https://www.drupal.org/node/2480327
  Patch; Vendor Advisory
- https://www.drupal.org/node/2475669
  Exploit
- https://www.drupal.org/node/2480259
  Patch
Products affected by CVE-2015-5490
- cpe:2.3:a:views_project:views:7.x-3.6:*:*:*:*:drupal:*:*
- cpe:2.3:a:views_project:views:7.x-3.7:*:*:*:*:drupal:*:*
- cpe:2.3:a:views_project:views:7.x-3.8:*:*:*:*:drupal:*:*
- cpe:2.3:a:views_project:views:7.x-3.5:*:*:*:*:drupal:*:*
- cpe:2.3:a:views_project:views:7.x-3.10:*:*:*:*:drupal:*:*