CVE-2015-5491

EUVD-2015-5446
The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users to bypass intended access restrictions and read sensitive titles by leveraging the "administer ddblock" permission.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
dynamic_display_block_projectdynamic_display_block
7.x-1.0:x
dynamic_display_block_projectdynamic_display_block
7.x-1.0:x
dynamic_display_block_projectdynamic_display_block
7.x-1.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/07/04/4
https://www.drupal.org/node/2484157
https://www.drupal.org/node/2504965
http://www.openwall.com/lists/oss-security/2015/07/04/4
https://www.drupal.org/node/2484157
https://www.drupal.org/node/2504965