The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2015-06-22 19:59
Updated : 2024-02-04 18:53
NVD link : CVE-2015-3231
Mitre link : CVE-2015-3231
CVE.ORG link : CVE-2015-3231
JSON object : View
Products Affected
debian
- debian_linux
drupal
- drupal
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor