CVE-2015-2559

Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.
References
Configurations

Configuration 1 (hide)

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-03-25 14:59

Updated : 2025-04-12 10:46


NVD link : CVE-2015-2559

Mitre link : CVE-2015-2559

CVE.ORG link : CVE-2015-2559


JSON object : View

Products Affected

debian

  • debian_linux

drupal

  • drupal
CWE
CWE-284

Improper Access Control