CVE-2014-9023
Severity Score
5.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the "access administration pages" Drupal permission.
El módulo Twilio 7.x-1.x en versiones anteriores a 7.x-1.9 para Drupal no restringe adecuadamente el acceso a las páginas de administración de Twilio, lo que permite a usuarios remotos autenticados leer y modificar tokens de autenticación mediante el aprovechamiento del permiso de "acceso a páginas de administración" de Drupal.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-11-20 CVE Reserved
- 2014-11-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.drupal.org/node/2337623 | 2016-06-02 | |
| https://www.drupal.org/node/2344363 | 2016-06-02 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Twilio Project Search vendor "Twilio Project" | Twilio Search vendor "Twilio Project" for product "Twilio" | 7.x-1.1 Search vendor "Twilio Project" for product "Twilio" and version "7.x-1.1" | drupal |
Affected
| ||||||
| Twilio Project Search vendor "Twilio Project" | Twilio Search vendor "Twilio Project" for product "Twilio" | 7.x-1.2 Search vendor "Twilio Project" for product "Twilio" and version "7.x-1.2" | drupal |
Affected
| ||||||
| Twilio Project Search vendor "Twilio Project" | Twilio Search vendor "Twilio Project" for product "Twilio" | 7.x-1.4 Search vendor "Twilio Project" for product "Twilio" and version "7.x-1.4" | drupal |
Affected
| ||||||
| Twilio Project Search vendor "Twilio Project" | Twilio Search vendor "Twilio Project" for product "Twilio" | 7.x-1.5 Search vendor "Twilio Project" for product "Twilio" and version "7.x-1.5" | drupal |
Affected
| ||||||
| Twilio Project Search vendor "Twilio Project" | Twilio Search vendor "Twilio Project" for product "Twilio" | 7.x-1.6 Search vendor "Twilio Project" for product "Twilio" and version "7.x-1.6" | drupal |
Affected
| ||||||
| Twilio Project Search vendor "Twilio Project" | Twilio Search vendor "Twilio Project" for product "Twilio" | 7.x-1.8 Search vendor "Twilio Project" for product "Twilio" and version "7.x-1.8" | drupal |
Affected
| ||||||
| Twilio Project Search vendor "Twilio Project" | Twilio Search vendor "Twilio Project" for product "Twilio" | 7.x-1.9 Search vendor "Twilio Project" for product "Twilio" and version "7.x-1.9" | drupal |
Affected
| ||||||