PT-2008-4637 · Drupal · Drupal
Tomas Hoger
·
Published
2008-07-18
·
Updated
2021-04-15
·
CVE-2008-3221
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
Drupal versions 6.0 through 6.2
Description:
A cross-site request forgery (CSRF) issue allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities. This can be exploited to carry out unauthorized actions on the affected system.
Recommendations:
For Drupal versions 6.0 through 6.2, update to version 6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the OpenID identity deletion functionality until the update can be applied.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Drupal