Back to search
CVE-2015-3404
Published: Apr 22, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The Certify module before 6.x-2.3 for Drupal does not properly perform node access checks, which allows remote authenticated users to bypass intended access restrictions and obtain sensitive PDF certificate information via vectors related to "showing (and creating) the PDF certificates."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://www.drupal.org/node/2407081
x_refsource_CONFIRM
https://www.drupal.org/node/2415947
x_refsource_MISC
[oss-security] 20150129 Re: CVEs for Drupal contributed modules - January 2015
mailing-list
x_refsource_MLIST
[oss-security] 20150421 Re: Re: CVEs for Drupal contributed modules - January 2015
mailing-list
x_refsource_MLIST
74282
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now