CVE Vulnerabilities

CVE-2014-9023

Published: Nov 20, 2014 | Modified: Jun 02, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the access administration pages Drupal permission.

Affected Software

Name Vendor Start Version End Version
Twilio Twilio_project 7.x-1.1 7.x-1.1
Twilio Twilio_project 7.x-1.5 7.x-1.5
Twilio Twilio_project 7.x-1.8 7.x-1.8
Twilio Twilio_project 7.x-1.4 7.x-1.4
Twilio Twilio_project 7.x-1.2 7.x-1.2
Twilio Twilio_project 7.x-1.9 7.x-1.9
Twilio Twilio_project 7.x-1.6 7.x-1.6

References