CVE-2014-9023

EUVD-2014-8851
The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the "access administration pages" Drupal permission.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
twilio_projecttwilio
7.x-1.1:x
twilio_projecttwilio
7.x-1.2:x
twilio_projecttwilio
7.x-1.4:x
twilio_projecttwilio
7.x-1.5:x
twilio_projecttwilio
7.x-1.6:x
twilio_projecttwilio
7.x-1.8:x
twilio_projecttwilio
7.x-1.9:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.drupal.org/node/2337623
https://www.drupal.org/node/2344363
https://www.drupal.org/node/2337623
https://www.drupal.org/node/2344363