CVE-2015-5491

The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users to bypass intended access restrictions and read sensitive titles by leveraging the "administer ddblock" permission.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
dynamic_display_block_projectdynamic_display_block
7.x-1.0:x
dynamic_display_block_projectdynamic_display_block
7.x-1.0:x
dynamic_display_block_projectdynamic_display_block
7.x-1.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/07/04/4
https://www.drupal.org/node/2484157
https://www.drupal.org/node/2504965
http://www.openwall.com/lists/oss-security/2015/07/04/4
https://www.drupal.org/node/2484157
https://www.drupal.org/node/2504965