CVE-2014-8735
Bad Behavior module <6.x-2.2216 & <7.x-2.2216 - Info Disclosure
Title source: llmDescription
The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file.
References (3)
Core 3
Core References
Patch, Third Party Advisory x_refsource_confirm
https://www.drupal.org/node/2360955
Patch, Third Party Advisory x_refsource_confirm
https://www.drupal.org/node/2360953
Patch, Third Party Advisory x_refsource_misc
https://www.drupal.org/node/2361611
Scores
EPSS
0.0122
EPSS Percentile
65.0%
Details
CWE
CWE-200
Status
published
Products (45)
bad_behavior_project/bad_behavior
6.x-1.0 rc1 (2 CPE variants)
bad_behavior_project/bad_behavior
6.x-1.x dev
bad_behavior_project/bad_behavior
6.x-2.1
bad_behavior_project/bad_behavior
6.x-2.2 rc14
bad_behavior_project/bad_behavior
6.x-2.13
bad_behavior_project/bad_behavior
6.x-2.14
bad_behavior_project/bad_behavior
6.x-2.113
bad_behavior_project/bad_behavior
6.x-2.114
bad_behavior_project/bad_behavior
6.x-2.115
bad_behavior_project/bad_behavior
6.x-2.116
... and 35 more
Published
Nov 12, 2014
Tracked Since
Feb 18, 2026