Summaryinfo

A vulnerability, which was classified as problematic, was found in Chaos Tool Suite up to 7.x-1.6 on Drupal. This affects an unknown part. The manipulation results in information disclosure. This vulnerability is cataloged as CVE-2015-4375. There is no exploit available. You should upgrade the affected component.

Detailsinfo

A vulnerability classified as problematic has been found in Chaos Tool Suite up to 7.x-1.6 on Drupal. Affected is some unknown functionality. The manipulation with an unknown input leads to a information disclosure vulnerability. CWE is classifying the issue as CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. This is going to have an impact on confidentiality. CVE summarizes:

The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.

The weakness was shared 06/15/2015 (Website). The advisory is shared for download at drupal.org. This vulnerability is traded as CVE-2015-4375 since 06/05/2015. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1592.

Upgrading to version 7.x-1.7 eliminates this vulnerability.

The entry VDB-75957 is related to this item. VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Name

• Chaos Tool Suite

Version

• 7.x-1.0
• 7.x-1.1
• 7.x-1.2
• 7.x-1.3
• 7.x-1.4
• 7.x-1.5
• 7.x-1.6

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion