Description

Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.

Remediation

References

CVE-2014-2983

Related Vulnerabilities

WordPress Plugin Kraken.io Image Optimizer Cross-Site Request Forgery (2.6.5)

WordPress Plugin PayPal Digital Downloads Cross-Site Request Forgery (1.4)

RubyGems Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-8324)

WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Unspecified Vulnerability (2.4.9)

WordPress Plugin Yasr-Yet Another Stars Rating Unspecified Vulnerability (1.3.2)

Severity

Medium

Classification

CVE-2014-2983 CWE-200

Tags

Missing Update Known Vulnerabilities