Unrated severityNVD Advisory· Published Apr 21, 2015· Updated May 6, 2026

CVE-2015-3373

Description

The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote attackers to guess the token value and create backups via a crafted URL.

Affected products

Amazon Aws Project/Amazon Aws
cpe:2.3:a:amazon_aws_project:amazon_aws:*:*:*:*:*:drupal:*:*
Range: <=7.x-1.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.drupal.org/node/2415457nvdPatch
www.drupal.org/node/2415873nvdPatchVendor Advisory
cgit.drupalcode.org/aws_amazon/commit/nvd
www.openwall.com/lists/oss-security/2015/01/29/6nvd
www.securityfocus.com/bid/74277nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000