Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.
References
| Link | Resource |
|---|---|
| http://www.debian.org/security/2014/dsa-2913 | Third Party Advisory |
| http://www.debian.org/security/2014/dsa-2914 | Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2014/04/22/2 | Mailing List Third Party Advisory |
| https://drupal.org/SA-CORE-2014-002 | Patch Vendor Advisory |
| http://www.debian.org/security/2014/dsa-2913 | Third Party Advisory |
| http://www.debian.org/security/2014/dsa-2914 | Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2014/04/22/2 | Mailing List Third Party Advisory |
| https://drupal.org/SA-CORE-2014-002 | Patch Vendor Advisory |
Configurations
History
21 Nov 2024, 02:07
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.debian.org/security/2014/dsa-2913 - Third Party Advisory | |
| References | () http://www.debian.org/security/2014/dsa-2914 - Third Party Advisory | |
| References | () http://www.openwall.com/lists/oss-security/2014/04/22/2 - Mailing List, Third Party Advisory | |
| References | () https://drupal.org/SA-CORE-2014-002 - Patch, Vendor Advisory |
Information
Published : 2014-04-23 15:55
Updated : 2024-11-21 02:07
NVD link : CVE-2014-2983
Mitre link : CVE-2014-2983
CVE.ORG link : CVE-2014-2983
JSON object : View
Products Affected
drupal
- drupal
debian
- debian_linux
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor