Vulnerability Description
The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from the anonymous user profile via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Uc Profile Project | Uc Profile | 6.x-1.1 |
Related Weaknesses (CWE)
References
- https://www.drupal.org/node/2612812Patch
- https://www.drupal.org/node/2613444PatchVendor Advisory
- https://www.drupal.org/node/2612812Patch
- https://www.drupal.org/node/2613444PatchVendor Advisory
FAQ
What is CVE-2015-8232?
CVE-2015-8232 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from the...
How severe is CVE-2015-8232?
CVE-2015-8232 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8232?
Check the references section above for vendor advisories and patch information. Affected products include: Uc Profile Project Uc Profile.