Remote Information Disclosure in Drupal's Entity Registration Module
CVE-2015-7880

4.3MEDIUM

Key Information:

Vendor

Drupal
Status
Drupal
Vendor
CVE Published:
13 September 2017

What is CVE-2015-7880?

The Entity Registration module for Drupal mistakenly grants remote attackers the ability to access sensitive event registration details. This occurs through an improper configuration of the "Register other accounts" permission, combined with knowledge of specific usernames, allowing unauthorized data exposure and potentially compromising user privacy. It is essential for site administrators to update to version 7.x-1.5 or later to secure their websites against this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.drupal.org/node/2582015
x_refsource_MISC
http://www.securityfocus.com/bid/77023
vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2015/10/21/2
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.