Permission Flaw in Navigate Module for Drupal by Acquia
CVE-2015-5499

Currently unrated

Key Information:

Vendor: Navigate Project
Status: Navigate
Vendor: CVE Published:; 18 August 2015

🔔 Create Navigate Project Vulnerability Alert

What is CVE-2015-5499?

The Navigate module for Drupal contains a vulnerability where it fails to adequately verify user permissions. This oversight enables remote authenticated users to alter custom widgets and generate new widget database records, exploiting the inadequate checks associated with the 'navigate view' permission feature.

References

https://www.drupal.org/node/2492245

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2015/07/04/4

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2015
Vulnerability Reserved
Jul 10, 2015

CVE-2015-5499 Data

JSON