CVE-2015-7305

Scald 7.x-1.x < 7.x-1.5 - Unauthorized Sensitive Information Exposure via Debug Context

Title source: llm
STIX 2.1

Description

The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a "debug context."

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.drupal.org/node/2569621
Patch, Vendor Advisory x_refsource_misc
https://www.drupal.org/node/2569631

Scores

EPSS 0.0120
EPSS Percentile 64.4%

Details

CWE
CWE-200
Status published
Products (5)
ows/scald 7.x-1.0 (11 CPE variants)
ows/scald 7.x-1.1
ows/scald 7.x-1.2
ows/scald 7.x-1.3
ows/scald 7.x-1.4
Published Sep 21, 2015
Tracked Since Feb 18, 2026