CVE-2007-6752

Name of the Vulnerable Software and Affected Versions Drupal versions 7.12 and earlier

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the "user/logout" URI. The vendor disputes the significance of this issue, considering the security benefit against platform complexity and performance impact, and concludes that a change to the logout behavior is not planned because for most sites it is not worth the trade-off.

Recommendations For versions 7.12 and earlier, consider disabling the logout functionality via the "user/logout" URI as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.