PT-2014-4203 · Drupal · Drupal

Published

2014-01-24

·

Updated

2014-02-21

·

CVE-2014-1475

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Drupal versions 6.x before 6.30 Drupal versions 7.x before 7.26
Description The issue allows remote OpenID users to authenticate as other users.
Recommendations For Drupal 6.x, update to version 6.30 or later. For Drupal 7.x, update to version 7.26 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2014-1475
DSA-2847-1
DSA-2851-1
MGASA-2014-0031

Affected Products

Drupal