CVE-2015-2559 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-2559 Interim 1 4 2025-04-12T23:28:18Z current 2021-05-30T13:28:27Z 2025-04-12T23:28:18Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-2559 Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL. CVE-2015-2559 low 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N