CVE-2015-3404
N/A
N/A
Summary
The Certify module before 6.x-2.3 for Drupal does not properly perform node access checks, which allows remote authenticated users to bypass intended access restrictions and obtain sensitive PDF certificate information via vectors related to "showing (and creating) the PDF certificates."
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.drupal.org/node/2407081
- https://www.drupal.org/node/2415947
- http://www.openwall.com/lists/oss-security/2015/01/29/6
- http://www.openwall.com/lists/oss-security/2015/04/21/8
- http://www.securityfocus.com/bid/74282
References
- https://www.drupal.org/node/2407081
- https://www.drupal.org/node/2415947
- http://www.openwall.com/lists/oss-security/2015/01/29/6
- http://www.openwall.com/lists/oss-security/2015/04/21/8
- http://www.securityfocus.com/bid/74282
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.