CVE-2015-8601

Drupal Chat Room <7.x-2.2 - Privilege Escalation

Title source: llm
STIX 2.1

Description

The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.drupal.org/node/2627478
Patch x_refsource_confirm
https://www.drupal.org/node/2627428

Scores

EPSS 0.0123
EPSS Percentile 65.4%

Details

CWE
CWE-200
Status published
Products (2)
chat_room_project/chat_room 7.x-2.0
chat_room_project/chat_room 7.x-2.1
Published Dec 17, 2015
Tracked Since Feb 18, 2026