Description

The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.

Remediation

References

CVE-2015-3231

Related Vulnerabilities

WordPress Plugin WordPress Infinite Scroll-Ajax Load More Directory Traversal (5.5.4)

Oracle HTTP Server CVE-2023-22019 Vulnerability (CVE-2023-22019)

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.28)

WordPress Plugin Live Product Editor for WooCommerce Security Bypass (4.6.2)

Ruby Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4466)

Severity

Medium

Classification

CVE-2015-3231 CWE-200

Tags

Missing Update Known Vulnerabilities