CVE-2015-7880

EUVD-2015-7778
The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and knowledge of usernames.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
drupaldrupal
7.x-1.0:x
drupaldrupal
7.x-1.0:x
drupaldrupal
7.x-1.0:x
drupaldrupal
7.x-1.1:x
drupaldrupal
7.x-1.2:x
drupaldrupal
7.x-1.3:x
drupaldrupal
7.x-1.4:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/10/21/2
http://www.securityfocus.com/bid/77023
https://www.drupal.org/node/2582015
https://www.drupal.org/node/2582283
http://www.openwall.com/lists/oss-security/2015/10/21/2
http://www.securityfocus.com/bid/77023
https://www.drupal.org/node/2582015
https://www.drupal.org/node/2582283