UBUNTU-CVE-2015-2559

Source
https://ubuntu.com/security/CVE-2015-2559
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-2559.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-2559
Related
Published
2015-03-25T14:59:00Z
Modified
2025-01-13T10:21:09Z
Summary
[none]
Details

Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.

References

Affected packages

Ubuntu:Pro:14.04:LTS / drupal7

Package

Name
drupal7
Purl
pkg:deb/ubuntu/drupal7@7.26-1ubuntu0.1+esm1?arch=source&distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.26-1ubuntu0.1+esm1

Affected versions

7.*

7.23-1
7.24-1
7.24-2
7.26-1
7.26-1ubuntu0.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "7.26-1ubuntu0.1+esm1",
            "binary_name": "drupal7"
        }
    ]
}