{ "id": "CVE-2015-7881", "sourceIdentifier": "cve@mitre.org", "published": "2015-10-26T14:59:11.657", "lastModified": "2015-10-28T11:40:29.547", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and \"add unexpected content to a Colorbox\" via unspecified vectors, possibly related to a link in a comment." }, { "lang": "es", "value": "El m\u00f3dulo Colorbox 7.x-2.x en versiones anteriores a 7.x-2.10 para Drupal permite a usuarios remotos autenticados con ciertos permisos eludir las restricciones destinadas al acceso y 'a\u00f1adir contenido inesperado en un Colorbox' a trav\u00e9s de vectores no especificados, posiblemente relacionado con un link en un comentario." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 3.5 }, "baseSeverity": "LOW", "exploitabilityScore": 6.8, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-284" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:colorbox_project:colorbox:7.x-2.0:*:*:*:*:drupal:*:*", "matchCriteriaId": "2CA3B18B-DD0F-4068-AF0F-B78E4FFF9EFC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:colorbox_project:colorbox:7.x-2.1:*:*:*:*:drupal:*:*", "matchCriteriaId": "791DB703-9C91-4B73-A3F6-E93731C30545" }, { "vulnerable": true, "criteria": "cpe:2.3:a:colorbox_project:colorbox:7.x-2.2:*:*:*:*:drupal:*:*", "matchCriteriaId": "8269B944-2F71-4E7D-9020-71DF723FCDF7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:colorbox_project:colorbox:7.x-2.3:*:*:*:*:drupal:*:*", "matchCriteriaId": "0A6A31C9-2F4E-4EC4-BA7E-352F81DD6280" }, { "vulnerable": true, "criteria": "cpe:2.3:a:colorbox_project:colorbox:7.x-2.4:*:*:*:*:drupal:*:*", "matchCriteriaId": "35174FC4-19A1-4F76-91D8-40A90198BED0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:colorbox_project:colorbox:7.x-2.5:*:*:*:*:drupal:*:*", "matchCriteriaId": "0BE90AA9-0327-471C-8727-36DA32A80542" }, { "vulnerable": true, "criteria": "cpe:2.3:a:colorbox_project:colorbox:7.x-2.6:*:*:*:*:drupal:*:*", "matchCriteriaId": "5C0D0026-1CA2-4918-A8A7-C8DF144FBD6E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:colorbox_project:colorbox:7.x-2.7:*:*:*:*:drupal:*:*", "matchCriteriaId": "07D13D67-8714-407D-AEEA-6FC6314DEA14" }, { "vulnerable": true, "criteria": "cpe:2.3:a:colorbox_project:colorbox:7.x-2.8:*:*:*:*:drupal:*:*", "matchCriteriaId": "BA3F7E28-8A13-492F-8225-0E0DA8FD42B7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:colorbox_project:colorbox:7.x-2.9:*:*:*:*:drupal:*:*", "matchCriteriaId": "7C941F2C-AD1E-426C-BCA6-6FF796E593C6" } ] } ] } ], "references": [ { "url": "https://www.drupal.org/node/2578165", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "https://www.drupal.org/node/2582071", "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ] } ] }