CVE-2015-3234
N/A
N/A
Summary
The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.html
- http://www.securityfocus.com/bid/75294
- http://www.debian.org/security/2015/dsa-3291
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html
- https://www.drupal.org/SA-CORE-2015-002
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.html
- http://www.securityfocus.com/bid/75294
- http://www.debian.org/security/2015/dsa-3291
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html
- https://www.drupal.org/SA-CORE-2015-002
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.