Improper Permission Check in Chat Room Module for Drupal Allows Unauthorized Message Reading

Improper Permission Check in Chat Room Module for Drupal Allows Unauthorized Message Reading

CVE-2015-8601 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors.

Learn more about our Web App Pen Testing.