← Volver a CVEs
CVE-2015-7229
N/ADescripcion
The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the (1) "post to twitter" permission or change the options for arbitrary attached accounts by leveraging the (2) "add twitter accounts" or (3) "add authenticated twitter accounts" permission.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado9/17/2015
Ultima modificacion4/12/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
twitter_project:twitter
Debilidades (CWE)
CWE-264
Referencias
https://www.drupal.org/node/2559981(cve@mitre.org)
https://www.drupal.org/node/2559985(cve@mitre.org)
https://www.drupal.org/node/2559989(cve@mitre.org)
https://www.drupal.org/node/2565827(cve@mitre.org)
https://www.drupal.org/node/2559981(af854a3a-2127-422b-91ae-364da2661108)
https://www.drupal.org/node/2559985(af854a3a-2127-422b-91ae-364da2661108)
https://www.drupal.org/node/2559989(af854a3a-2127-422b-91ae-364da2661108)
https://www.drupal.org/node/2565827(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.