Description

The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.

Remediation

References

CVE-2015-3231

Related Vulnerabilities

Oracle JRE CVE-2013-2418 Vulnerability (CVE-2013-2418)

phpMyAdmin Improper Input Validation Vulnerability (CVE-2011-0986)

Microsoft SQL Server Other Vulnerability (CVE-2000-1088)

Jenkins Inadequate Encryption Strength Vulnerability (CVE-2017-2598)

MySQL CVE-2022-21599 Vulnerability (CVE-2022-21599)

Severity

Medium

Classification

CVE-2015-3231 CWE-200

Tags

Missing Update Known Vulnerabilities