Unrated severityNVD Advisory· Published Apr 23, 2014· Updated May 6, 2026

CVE-2014-2983

Description

Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.

Affected products

Drupal/Drupal
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Range: >=6.0,<6.31
Debian/Debian Linux3 versions
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drupal.org/SA-CORE-2014-002nvdPatchVendor Advisory
www.debian.org/security/2014/dsa-2913nvdThird Party Advisory
www.debian.org/security/2014/dsa-2914nvdThird Party Advisory
www.openwall.com/lists/oss-security/2014/04/22/2nvdMailing ListThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000