PT-2025-13848 · Drupal · Drupal Oauth2 Client
Cilefen
+3
Published: 2025-03-31 · Updated: 2025-04-01 · CVE-2025-31684
CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Drupal OAuth2 Client versions 0.0.0 through 4.1.2
Description
A Cross-Site Request Forgery (CSRF) issue affects the Drupal OAuth2 Client, allowing unauthorized actions to be performed on behalf of the user. This issue may be exploited by an attacker to perform actions without the user's knowledge or consent.
Recommendations
For Drupal OAuth2 Client versions 0.0.0 through 4.1.2, update to version 4.1.3 or later to resolve the issue.
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Drupal Oauth2 Client