CVE-2014-8735

Bad Behavior module <6.x-2.2216 & <7.x-2.2216 - Info Disclosure

Title source: llm
STIX 2.1

Description

The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file.

References (3)

Core 3
Core References
Patch, Third Party Advisory x_refsource_confirm
https://www.drupal.org/node/2360955
Patch, Third Party Advisory x_refsource_confirm
https://www.drupal.org/node/2360953
Patch, Third Party Advisory x_refsource_misc
https://www.drupal.org/node/2361611

Scores

EPSS 0.0122
EPSS Percentile 65.0%

Details

CWE
CWE-200
Status published
Products (45)
bad_behavior_project/bad_behavior 6.x-1.0 rc1 (2 CPE variants)
bad_behavior_project/bad_behavior 6.x-1.x dev
bad_behavior_project/bad_behavior 6.x-2.1
bad_behavior_project/bad_behavior 6.x-2.2 rc14
bad_behavior_project/bad_behavior 6.x-2.13
bad_behavior_project/bad_behavior 6.x-2.14
bad_behavior_project/bad_behavior 6.x-2.113
bad_behavior_project/bad_behavior 6.x-2.114
bad_behavior_project/bad_behavior 6.x-2.115
bad_behavior_project/bad_behavior 6.x-2.116
... and 35 more
Published Nov 12, 2014
Tracked Since Feb 18, 2026