CVE-2015-3375

Name of the Vulnerable Software and Affected Versions Shibboleth Authentication module versions prior to 6.x-4.1 and 7.x-4.x prior to 7.x-4.1 for Drupal

Description The issue allows remote attackers to hijack the authentication of administrators for requests that delete user role matching rules. This is achieved through a cross-site request forgery (CSRF) vulnerability in the affected module.

Recommendations For versions prior to 6.x-4.1, update to version 6.x-4.1 or later. For versions prior to 7.x-4.1, update to version 7.x-4.1 or later. As a temporary workaround, consider restricting access to the user role matching rules deletion functionality until a patch is applied.