Unauthorized Access Flaw in Twilio Module for Drupal
CVE-2014-9023

Currently unrated

Key Information:

Vendor: Twilio Project
Status: Twilio
Vendor: CVE Published:; 20 November 2014

What is CVE-2014-9023?

The Twilio module for Drupal prior to version 7.x-1.9 contains a significant access control vulnerability that enables remote authenticated users to gain unauthorized access to restricted administration pages. This flaw permits these users to read and alter sensitive authentication tokens by exploiting the 'access administration pages' permission, potentially compromising the integrity of user sessions and leading to further security issues. Organizations using this module should ensure they update to the latest version to mitigate this risk.

References

https://www.drupal.org/node/2337623

x_refsource_CONFIRM

https://www.drupal.org/node/2344363

x_refsource_MISC

Timeline

Vulnerability published
Nov 20, 2014
Vulnerability Reserved
Nov 20, 2014

Twilio Project

What is CVE-2014-9023?

References

Timeline