CVE-2015-4375 - Vulnerability Details - OpenCVE

The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Chaos Tool Suite Project	Ctools

Configuration 1 [-]

OR	cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:::::drupal::
	cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.1:::::drupal::
	cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.2:::::drupal::
	cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.3:::::drupal::
	cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.4:::::drupal::
	cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.5:::::drupal::
	cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.6:::::drupal::
	cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.6:rc1::::drupal::*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2015/03/22/35
http://www.openwall.com/lists/oss-security/2015/04/25/6
https://www.drupal.org/node/2454883
https://www.drupal.org/node/2454909

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-06-15T14:00:00

Updated: 2024-08-06T06:11:12.908Z

Reserved: 2015-06-05T00:00:00

Link: CVE-2015-4375

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-06-15T14:59:32.763

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-4375

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-18T00:00:00", "descriptions": [{"lang": "en", "value": "The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-06-15T13:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20150322 CVE requests for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"}, {"name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"}, {"tags": ["x_refsource_MISC"], "url": "https://www.drupal.org/node/2454909"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.drupal.org/node/2454883"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-4375", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20150322 CVE requests for Drupal contributed modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"}, {"name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"}, {"name": "https://www.drupal.org/node/2454909", "refsource": "MISC", "url": "https://www.drupal.org/node/2454909"}, {"name": "https://www.drupal.org/node/2454883", "refsource": "CONFIRM", "url": "https://www.drupal.org/node/2454883"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:11:12.908Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20150322 CVE requests for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"}, {"name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.drupal.org/node/2454909"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.drupal.org/node/2454883"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-4375", "datePublished": "2015-06-15T14:00:00", "dateReserved": "2015-06-05T00:00:00", "dateUpdated": "2024-08-06T06:11:12.908Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:*:*:*:*:drupal:*:*", "matchCriteriaId": "5FA4E46D-F7D9-448D-B971-D8EE786EB3AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.1:*:*:*:*:drupal:*:*", "matchCriteriaId": "EFA33F20-D932-42F3-84B0-9E55645D64D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.2:*:*:*:*:drupal:*:*", "matchCriteriaId": "F56B3706-6AF5-42C9-A565-882AE03ADA9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.3:*:*:*:*:drupal:*:*", "matchCriteriaId": "7683107F-23E1-4220-91FA-CFCDD2129AE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.4:*:*:*:*:drupal:*:*", "matchCriteriaId": "698747A0-461D-409B-B9DE-9059CCF81AA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.5:*:*:*:*:drupal:*:*", "matchCriteriaId": "05D4A651-2FFE-42D1-8412-4C3C4098995F", "vulnerable": true}, {"criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.6:*:*:*:*:drupal:*:*", "matchCriteriaId": "FF5CE8CA-69E1-465A-9F16-C96FB1E0F564", "vulnerable": true}, {"criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.6:rc1:*:*:*:drupal:*:*", "matchCriteriaId": "B6B28B89-76C3-4407-84EF-48CBF6FBD783", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity."}, {"lang": "es", "value": "El m\u00f3dulo Chaos tool suite (ctools) 7.x-1.x anterior a 7.x-1.7 para Drupal permite a atacantes remotos obtener t\u00edtulos de nodos a trav\u00e9s (1) de una b\u00fasqueda de autocompletado en entidades personalizadas sin indicador de consulta de acceso o (2) del aprovechamiento de conocimiento de un identificador de una entidad."}], "id": "CVE-2015-4375", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-06-15T14:59:32.763", "references": [{"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://www.drupal.org/node/2454883"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.drupal.org/node/2454909"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://www.drupal.org/node/2454883"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.drupal.org/node/2454909"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}