CVE-2014-9023

The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the "access administration pages" Drupal permission.

CVSS v2.0 5.5 MEDIUM

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:N

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.drupal.org/node/2337623	Vendor Advisory
https://www.drupal.org/node/2344363	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:twilio_project:twilio:7.x-1.1:::::drupal::
	cpe:2.3:a:twilio_project:twilio:7.x-1.2:::::drupal::
	cpe:2.3:a:twilio_project:twilio:7.x-1.4:::::drupal::
	cpe:2.3:a:twilio_project:twilio:7.x-1.5:::::drupal::
	cpe:2.3:a:twilio_project:twilio:7.x-1.8:::::drupal::
	cpe:2.3:a:twilio_project:twilio:7.x-1.6:::::drupal::
	cpe:2.3:a:twilio_project:twilio:7.x-1.9:::::drupal::

Information

Published : 2014-11-20 09:50

Updated : 2016-06-01 19:19

NVD link : CVE-2014-9023

Mitre link : CVE-2014-9023

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

twilio_project

twilio

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.drupal.org/node/2337623", "name": "https://www.drupal.org/node/2337623", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://www.drupal.org/node/2344363", "name": "https://www.drupal.org/node/2344363", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the \"access administration pages\" Drupal permission."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-9023", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-11-20T17:50Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:twilio_project:twilio:7.x-1.1:*:*:*:*:drupal:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:twilio_project:twilio:7.x-1.2:*:*:*:*:drupal:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:twilio_project:twilio:7.x-1.4:*:*:*:*:drupal:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:twilio_project:twilio:7.x-1.5:*:*:*:*:drupal:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:twilio_project:twilio:7.x-1.8:*:*:*:*:drupal:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:twilio_project:twilio:7.x-1.6:*:*:*:*:drupal:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:twilio_project:twilio:7.x-1.9:*:*:*:*:drupal:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-06-02T02:19Z"}