CVE-2015-8095

The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.drupal.org/node/2608382	Patch Vendor Advisory
https://www.drupal.org/node/2608414	Patch
https://www.drupal.org/node/2608382	Patch Vendor Advisory
https://www.drupal.org/node/2608414	Patch

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.0:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.1:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.2:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.3:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.4:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.5:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.6:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.7:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.8:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.9:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.10:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.11:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.12:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.13:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.14:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.15:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.16:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.17:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.18:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.19:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.20:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.21:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.22:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.23:::::::*
	cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:38

Type	Values Removed	Values Added
References	~~() https://www.drupal.org/node/2608382 - Patch, Vendor Advisory~~	() https://www.drupal.org/node/2608382 - Patch, Vendor Advisory
References	~~() https://www.drupal.org/node/2608414 - Patch~~	() https://www.drupal.org/node/2608414 - Patch

Information

Published : 2015-11-09 16:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-8095

Mitre link : CVE-2015-8095

CVE.ORG link : CVE-2015-8095

JSON object : View

Products Affected

drupal

drupal

monster_menus_module_project

monster_menus

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2015-8095", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-11-09T16:59:12.200", "references": [{"url": "https://www.drupal.org/node/2608382", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.drupal.org/node/2608414", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://www.drupal.org/node/2608382", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.drupal.org/node/2608414", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern."}, {"lang": "es", "value": "La funcionalidad recycle bin en el m\u00f3dulo Monster Menus 7.x-1.21 en versiones anteriores a 7.x-1.24 para Drupal no elimina correctamente los nodos de la vista, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un patr\u00f3n URL no especificado."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98E0F326-8C25-448E-B775-51A00E94B70C"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E988B3D0-0E9F-46A3-942F-5B806C19125E"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "545F78EA-A4C8-4A02-9307-A7161341ABB5"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBC17B5C-B516-4C51-9931-9C61DF551F69"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87F04C8D-46F8-4011-B8CB-7A2739D73826"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F79729F-DC69-4C20-97FC-82CAD7731C5C"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "524A1E8F-F1CB-4028-B664-1E97EA56FDD7"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "278CAAEB-C8CE-4BE7-BA48-C353200CCC43"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A41C450-BADF-41A8-97D2-16C0B41E3CB9"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A2CA121-6280-4E12-B16E-6731487BAA7F"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDB655C8-862F-4F4A-95D0-3BE285492936"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E9FDD6C-B044-4411-8167-42B90122BDBE"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "831B3C4D-0A3A-4F6F-BAF9-D132E4984C02"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6866ED88-6BB7-45FA-B730-03A1AE8BABBC"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EB5823E-CC26-4302-A201-BC1C711658B4"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2EF947A-4B67-45E7-AA83-F92023B69578"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37BF0DAD-F3A5-497F-BF26-0FDE3FFC8BCA"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8428F316-C7B6-4DEB-B882-324A4EE4CD7F"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DDF8E00-8C4F-4B2F-A430-BF7A0BCE0047"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4568D59B-B63A-4F15-A56C-279EC8363FAF"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72AAAE92-9C07-4354-A8ED-E90EEFD5116D"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6EE90C9-CD90-40F1-B07A-C46EBBD487C6"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF52A08E-A1D6-45A8-92F2-91A26C679342"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74880040-BA9A-4E59-92F4-4B28D373C6BC"}, {"criteria": "cpe:2.3:a:monster_menus_module_project:monster_menus:7.x-1.x:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "542F67D5-230B-425D-9F64-B272CA3F01E0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

5.0 /10