Lucene search
HistoryJan 24, 2014 - 6:55 p.m.
CVE-2014-1475
security
drupal
openid
cve-2014-1475
authentication
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.3 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.1%
The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.
Affected configurations
Node
drupaldrupalMatch7.0
ORdrupaldrupalMatch7.0alpha1
ORdrupaldrupalMatch7.0alpha2
ORdrupaldrupalMatch7.0alpha3
ORdrupaldrupalMatch7.0alpha4
ORdrupaldrupalMatch7.0alpha5
ORdrupaldrupalMatch7.0alpha6
ORdrupaldrupalMatch7.0alpha7
ORdrupaldrupalMatch7.0beta1
ORdrupaldrupalMatch7.0beta2
ORdrupaldrupalMatch7.0beta3
ORdrupaldrupalMatch7.0dev
ORdrupaldrupalMatch7.0rc1
ORdrupaldrupalMatch7.0rc2
ORdrupaldrupalMatch7.0rc3
ORdrupaldrupalMatch7.0rc4
ORdrupaldrupalMatch7.1
ORdrupaldrupalMatch7.2
ORdrupaldrupalMatch7.10
ORdrupaldrupalMatch7.11
ORdrupaldrupalMatch7.12
ORdrupaldrupalMatch7.13
ORdrupaldrupalMatch7.14
ORdrupaldrupalMatch7.15
ORdrupaldrupalMatch7.16
ORdrupaldrupalMatch7.17
ORdrupaldrupalMatch7.18
ORdrupaldrupalMatch7.19
ORdrupaldrupalMatch7.20
ORdrupaldrupalMatch7.21
ORdrupaldrupalMatch7.22
ORdrupaldrupalMatch7.23
ORdrupaldrupalMatch7.24
Node
drupaldrupalMatch6.0
ORdrupaldrupalMatch6.0beta1
ORdrupaldrupalMatch6.0beta2
ORdrupaldrupalMatch6.0beta3
ORdrupaldrupalMatch6.0beta4
ORdrupaldrupalMatch6.0dev
ORdrupaldrupalMatch6.0rc-1
ORdrupaldrupalMatch6.0rc-2
ORdrupaldrupalMatch6.0rc-3
ORdrupaldrupalMatch6.0rc-4
ORdrupaldrupalMatch6.0rc1
ORdrupaldrupalMatch6.0rc2
ORdrupaldrupalMatch6.0rc3
ORdrupaldrupalMatch6.0rc4
ORdrupaldrupalMatch6.1
ORdrupaldrupalMatch6.2
ORdrupaldrupalMatch6.10
ORdrupaldrupalMatch6.11
ORdrupaldrupalMatch6.12
ORdrupaldrupalMatch6.13
ORdrupaldrupalMatch6.14
ORdrupaldrupalMatch6.15
ORdrupaldrupalMatch6.16
ORdrupaldrupalMatch6.17
ORdrupaldrupalMatch6.18
ORdrupaldrupalMatch6.19
ORdrupaldrupalMatch6.20
ORdrupaldrupalMatch6.21
ORdrupaldrupalMatch6.22
ORdrupaldrupalMatch6.23
ORdrupaldrupalMatch6.24
ORdrupaldrupalMatch6.25
ORdrupaldrupalMatch6.26
ORdrupaldrupalMatch6.27
ORdrupaldrupalMatch6.28
Related
debiancve
debiancve
CVE-2014-1475
2014-01-24 18:55:00
prion
prion
Design/Logic Flaw
2014-01-24 18:55:00
debian
debian
[SECURITY] [DSA 2851-1] drupal6 security update
2014-02-02 20:03:31
[SECURITY] [DSA 2851-1] drupal6 security update
2014-02-02 20:03:31
[SECURITY] [DSA 2847-1] drupal7 security update
2014-01-20 22:40:29
cvelist
cvelist
CVE-2014-1475
2014-01-24 18:00:00
nessus
nessus
Drupal 6.x < 6.30 OpenID Module Account Hijacking
2014-01-23 00:00:00
Debian DSA-2851-1 : drupal6 - impersonation
2014-02-03 00:00:00
Debian DSA-2847-1 : drupal7 - several vulnerabilities
2014-01-21 00:00:00
ubuntucve
ubuntucve
CVE-2014-1475
2014-01-24 00:00:00
nvd
nvd
CVE-2014-1475
2014-01-24 18:55:05
openvas
openvas
Debian Security Advisory DSA 2851-1 (drupal6 - impersonation)
2014-02-02 00:00:00
Debian: Security Advisory (DSA-2851-1)
2014-02-01 00:00:00
Debian Security Advisory DSA 2847-1 (drupal7 - several vulnerabilities)
2014-01-20 00:00:00
osv
osv
drupal7 - several
2014-01-20 00:00:00
mageia
mageia
Updated drupal package fixes security vulnerabilities
2014-01-31 20:43:58
drupal
drupal
SA-CORE-2014-001 - Drupal core - Multiple vulnerabilities
2014-01-15 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2847-1] drupal7 security update
2014-02-03 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.3 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.1%
Related for CVE-2014-1475