Vulnerability Details : CVE-2016-3169

The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.

Published 2016-04-12 15:59:07

Updated 2016-04-13 00:22:54

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2016-3169

Probability of exploitation activity in the next 30 days: 0.47%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 72 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-3169

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	nvd@nist.gov
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.1	HIGH	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	2.2	5.9	nvd@nist.gov
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-3169

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-3169

http://www.openwall.com/lists/oss-security/2016/02/24/19

oss-security - CVE requests for Drupal core (SA-CORE-2016-001)

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2016/03/15/10

oss-security - Re: CVE requests for Drupal core (SA-CORE-2016-001)

CVEs referencing this url
http://www.debian.org/security/2016/dsa-3498

Debian -- Security Information -- DSA-3498-1 drupal7

CVEs referencing this url
https://www.drupal.org/SA-CORE-2016-001

Access to this page has been denied.
Patch;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2016-3169

Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.10
cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.3
cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.1
cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Beta2
cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha7
cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha2
cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0
cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.12
cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.18
cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.20
cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.22
cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update RC3
cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.16
cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update RC2
cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update Beta3
cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.8
cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.7
cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.6
cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.5
cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.4
cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha6
cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha5
cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha4
cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha3
cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.2
cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.10
cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.9
cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.1
cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update RC1
cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0
cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.11
cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.3
cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update RC3
cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update RC2
cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update RC1
cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update DEV
cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.6
cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.7
cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.5
cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.14
cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.13
cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.21
cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.24
cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.23
cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update RC4
cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update Beta2
cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.11
cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.9
cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.2
cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update RC4
cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Beta3
cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Beta1
cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha1
cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.x-dev
cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.15
cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.8
cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.19
cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.17
cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update DEV
cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update Beta4
cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.4
cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update Beta1
cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.12
cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.13
cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.14
cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.15
cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.25
cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.26
cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.17
cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.16
cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.18
cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.27
cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.19
cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.28
cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.23
cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.22
cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.21
cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.20
cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.24
cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.26
cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.28
cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.25
cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.27
cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.30
cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.29
cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.30
cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.32
cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.29
cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.31
cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.33
cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.34
cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.31
cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.33
cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.34
cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.32
cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.37
cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.35
cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.36
cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.35
cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.38
cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.36
cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.40
cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.42
cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.41
cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.37
cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*
Matching versions