Unrated severityNVD Advisory· Published Sep 17, 2015· Updated May 6, 2026
CVE-2015-7229
CVE-2015-7229
Description
The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the (1) "post to twitter" permission or change the options for arbitrary attached accounts by leveraging the (2) "add twitter accounts" or (3) "add authenticated twitter accounts" permission.
Affected products
14cpe:2.3:a:twitter_project:twitter:6.x-5.0:*:*:*:*:drupal:*:*+ 13 more
- cpe:2.3:a:twitter_project:twitter:6.x-5.0:*:*:*:*:drupal:*:*
- cpe:2.3:a:twitter_project:twitter:6.x-5.1:*:*:*:*:drupal:*:*
- cpe:2.3:a:twitter_project:twitter:6.x-5.x:dev:*:*:*:drupal:*:*
- cpe:2.3:a:twitter_project:twitter:7.x-5.0:*:*:*:*:drupal:*:*
- cpe:2.3:a:twitter_project:twitter:7.x-5.1:*:*:*:*:drupal:*:*
- cpe:2.3:a:twitter_project:twitter:7.x-5.2:*:*:*:*:drupal:*:*
- cpe:2.3:a:twitter_project:twitter:7.x-5.3:*:*:*:*:drupal:*:*
- cpe:2.3:a:twitter_project:twitter:7.x-5.4:*:*:*:*:drupal:*:*
- cpe:2.3:a:twitter_project:twitter:7.x-5.5:*:*:*:*:drupal:*:*
- cpe:2.3:a:twitter_project:twitter:7.x-5.6:*:*:*:*:drupal:*:*
- cpe:2.3:a:twitter_project:twitter:7.x-5.7:*:*:*:*:drupal:*:*
- cpe:2.3:a:twitter_project:twitter:7.x-5.8:*:*:*:*:drupal:*:*
- cpe:2.3:a:twitter_project:twitter:7.x-6.0:alpha1:*:*:*:drupal:*:*
- cpe:2.3:a:twitter_project:twitter:7.x-6.0:alpha2:*:*:*:drupal:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- www.drupal.org/node/2559981nvdPatch
- www.drupal.org/node/2559985nvdPatch
- www.drupal.org/node/2559989nvdPatch
- www.drupal.org/node/2565827nvdPatchVendor Advisory
News mentions
0No linked articles in our index yet.