CVE-2014-2983

Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-04-23 15:55

Updated : 2024-02-04 18:35


NVD link : CVE-2014-2983

Mitre link : CVE-2014-2983

CVE.ORG link : CVE-2014-2983


JSON object : View

Products Affected

debian

  • debian_linux

drupal

  • drupal
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor