CVE-2015-8601 Information

Description

The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors.

Reference

https://www.drupal.org/node/2627428 https://www.drupal.org/node/2627478