6.8

CVE-2008-6836

Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Peter WolaninOpenid Version5.x-1.0
   DrupalDrupal
Peter WolaninOpenid Version5.x-1.1
   DrupalDrupal
Peter WolaninOpenid Version5.x-1.x Updatedev
   DrupalDrupal
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.63% 0.453
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://drupal.org/node/280592
Patch
Vendor Advisory
http://drupal.org/node/280593
Patch
http://secunia.com/advisories/31027
Vendor Advisory
http://www.securityfocus.com/bid/30165
http://osvdb.org/46939