CVE-2015-4375

The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.

Published: Jun 15, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-4375
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
chaos_tool_suite_project / ctools	7.x-1.0	7.x-1.0.x
chaos_tool_suite_project / ctools	7.x-1.1	7.x-1.1.x
chaos_tool_suite_project / ctools	7.x-1.6	7.x-1.6.x
chaos_tool_suite_project / ctools	7.x-1.3	7.x-1.3.x
chaos_tool_suite_project / ctools	7.x-1.4	7.x-1.4.x
chaos_tool_suite_project / ctools	7.x-1.6-rc1	7.x-1.6-rc1.x
chaos_tool_suite_project / ctools	7.x-1.2	7.x-1.2.x
chaos_tool_suite_project / ctools	7.x-1.5	7.x-1.5.x

http://www.openwall.com/lists/oss-security/2015/03/22/35
http://www.openwall.com/lists/oss-security/2015/04/25/6
https://www.drupal.org/node/2454883
https://www.drupal.org/node/2454909

Vulnerability Database

290,206

CVE-2015-4375