CVE-2015-3404

The Certify module before 6.x-2.3 for Drupal does not properly perform node access checks, which allows remote authenticated users to bypass intended access restrictions and obtain sensitive PDF certificate information via vectors related to "showing (and creating) the PDF certificates."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
certify_projectcertify
6.x-2.2:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/01/29/6
http://www.openwall.com/lists/oss-security/2015/04/21/8
http://www.securityfocus.com/bid/74282
https://www.drupal.org/node/2407081
https://www.drupal.org/node/2415947
http://www.openwall.com/lists/oss-security/2015/01/29/6
http://www.openwall.com/lists/oss-security/2015/04/21/8
http://www.securityfocus.com/bid/74282
https://www.drupal.org/node/2407081
https://www.drupal.org/node/2415947