CVE-2014-2983

Drupal 6.x < 6.31 and 7.x < 7.27 - Unauthenticated Exposure of Sensitive Information via Cached Form Data

Title source: llm

Description

Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.

References (4)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2913
Patch, Vendor Advisory x_refsource_confirm
https://drupal.org/SA-CORE-2014-002
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2914
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/04/22/2

Scores

EPSS 0.0043
EPSS Percentile 63.0%

Details

CWE CWE-200
Status published
Products (4)
debian/debian_linux 6.0
debian/debian_linux 7.0
debian/debian_linux 8.0
drupal/drupal 6.0 - 6.31
Published Apr 23, 2014
Tracked Since Feb 18, 2026