Main Vulnerability Database Vulnerabilities #VU38293

#VU38293 Information disclosure in Drupal - CVE-2015-7880

Published: September 13, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38293

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2015-7880

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Drupal

Software vendor:
Drupal

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and knowledge of usernames.

Remediation

Install update from vendor's website.

External links

http://www.openwall.com/lists/oss-security/2015/10/21/2
http://www.securityfocus.com/bid/77023
https://www.drupal.org/node/2582015
https://www.drupal.org/node/2582283