The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a "debug context."Referenceshttps://www.drupal.org/node/2569621https://www.drupal.org/node/2569631
