CVE Daily

CVE-2014-9023

The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict a...

Medium CVSS 5.5

Overview

The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the "access administration pages" Drupal permission.

CWE: CWE-264 Published: 2014-11-20T17:50:12.503
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 5.5 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags