CVE-2014-9023 Information

Description

The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages which allows remote authenticated users to read and modify authentication tokens by leveraging the \access administration pages\ Drupal permission.

Reference

https://www.drupal.org/node/2337623 https://www.drupal.org/node/2344363