Search
Find a vulnerability
Search criteria
10 vulnerabilities found for openid by peter_wolanin
CVE-2010-3686 (GCVE-0-2010-3686)
Vulnerability from nvd – Published: 2010-09-29 16:00 – Updated: 2024-09-16 20:41
VLAI
EPSS
VEX
Summary
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://drupal.org/node/880480 | x_refsource_CONFIRM |
| http://www.debian.org/security/2010/dsa-2113 | vendor-advisoryx_refsource_DEBIAN |
| http://marc.info/?l=oss-security&m=128440896914512&w=2 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/42388 | vdb-entryx_refsource_BID |
| http://drupal.org/node/880476 | x_refsource_CONFIRM |
| http://marc.info/?l=oss-security&m=128418560705305&w=2 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:53.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/880480"
},
{
"name": "DSA-2113",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2113"
},
{
"name": "[oss-security] 20100913 Re: CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128440896914512\u0026w=2"
},
{
"name": "42388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42388"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/880476"
},
{
"name": "[oss-security] 20100911 CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128418560705305\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-29T16:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/880480"
},
{
"name": "DSA-2113",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2113"
},
{
"name": "[oss-security] 20100913 Re: CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128440896914512\u0026w=2"
},
{
"name": "42388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42388"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/880476"
},
{
"name": "[oss-security] 20100911 CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128418560705305\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/880480",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/880480"
},
{
"name": "DSA-2113",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2113"
},
{
"name": "[oss-security] 20100913 Re: CVE id requests: drupal",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=128440896914512\u0026w=2"
},
{
"name": "42388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42388"
},
{
"name": "http://drupal.org/node/880476",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/880476"
},
{
"name": "[oss-security] 20100911 CVE id requests: drupal",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=128418560705305\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3686",
"datePublished": "2010-09-29T16:00:00.000Z",
"dateReserved": "2010-09-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:41:42.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3685 (GCVE-0-2010-3685)
Vulnerability from nvd – Published: 2010-09-29 16:00 – Updated: 2024-09-16 23:40
VLAI
EPSS
VEX
Summary
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://drupal.org/node/880480 | x_refsource_CONFIRM |
| http://www.debian.org/security/2010/dsa-2113 | vendor-advisoryx_refsource_DEBIAN |
| http://marc.info/?l=oss-security&m=128440896914512&w=2 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/42388 | vdb-entryx_refsource_BID |
| http://drupal.org/node/880476 | x_refsource_CONFIRM |
| http://marc.info/?l=oss-security&m=128418560705305&w=2 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/880480"
},
{
"name": "DSA-2113",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2113"
},
{
"name": "[oss-security] 20100913 Re: CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128440896914512\u0026w=2"
},
{
"name": "42388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42388"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/880476"
},
{
"name": "[oss-security] 20100911 CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128418560705305\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-29T16:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/880480"
},
{
"name": "DSA-2113",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2113"
},
{
"name": "[oss-security] 20100913 Re: CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128440896914512\u0026w=2"
},
{
"name": "42388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42388"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/880476"
},
{
"name": "[oss-security] 20100911 CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128418560705305\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/880480",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/880480"
},
{
"name": "DSA-2113",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2113"
},
{
"name": "[oss-security] 20100913 Re: CVE id requests: drupal",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=128440896914512\u0026w=2"
},
{
"name": "42388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42388"
},
{
"name": "http://drupal.org/node/880476",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/880476"
},
{
"name": "[oss-security] 20100911 CVE id requests: drupal",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=128418560705305\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3685",
"datePublished": "2010-09-29T16:00:00.000Z",
"dateReserved": "2010-09-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:40:40.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3091 (GCVE-0-2010-3091)
Vulnerability from nvd – Published: 2010-09-29 16:00 – Updated: 2024-09-17 01:26
VLAI
EPSS
VEX
Summary
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://drupal.org/node/880480 | x_refsource_CONFIRM |
| http://www.debian.org/security/2010/dsa-2113 | vendor-advisoryx_refsource_DEBIAN |
| http://marc.info/?l=oss-security&m=128440896914512&w=2 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/42388 | vdb-entryx_refsource_BID |
| http://drupal.org/node/880476 | x_refsource_CONFIRM |
| http://marc.info/?l=oss-security&m=128418560705305&w=2 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:55:46.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/880480"
},
{
"name": "DSA-2113",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2113"
},
{
"name": "[oss-security] 20100913 Re: CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128440896914512\u0026w=2"
},
{
"name": "42388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42388"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/880476"
},
{
"name": "[oss-security] 20100911 CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128418560705305\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-29T16:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/880480"
},
{
"name": "DSA-2113",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2113"
},
{
"name": "[oss-security] 20100913 Re: CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128440896914512\u0026w=2"
},
{
"name": "42388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42388"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/880476"
},
{
"name": "[oss-security] 20100911 CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128418560705305\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/880480",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/880480"
},
{
"name": "DSA-2113",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2113"
},
{
"name": "[oss-security] 20100913 Re: CVE id requests: drupal",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=128440896914512\u0026w=2"
},
{
"name": "42388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42388"
},
{
"name": "http://drupal.org/node/880476",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/880476"
},
{
"name": "[oss-security] 20100911 CVE id requests: drupal",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=128418560705305\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3091",
"datePublished": "2010-09-29T16:00:00.000Z",
"dateReserved": "2010-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:26:50.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6836 (GCVE-0-2008-6836)
Vulnerability from nvd – Published: 2009-06-27 18:00 – Updated: 2024-09-16 23:51
VLAI
EPSS
VEX
Summary
Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/30165 | vdb-entryx_refsource_BID |
| http://osvdb.org/46939 | vdb-entryx_refsource_OSVDB |
| http://drupal.org/node/280592 | x_refsource_CONFIRM |
| http://drupal.org/node/280593 | x_refsource_CONFIRM |
| http://secunia.com/advisories/31027 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30165",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30165"
},
{
"name": "46939",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46939"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/280592"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/280593"
},
{
"name": "31027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-27T18:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30165",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30165"
},
{
"name": "46939",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46939"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/280592"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/280593"
},
{
"name": "31027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31027"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30165"
},
{
"name": "46939",
"refsource": "OSVDB",
"url": "http://osvdb.org/46939"
},
{
"name": "http://drupal.org/node/280592",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/280592"
},
{
"name": "http://drupal.org/node/280593",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/280593"
},
{
"name": "31027",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31027"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6836",
"datePublished": "2009-06-27T18:00:00.000Z",
"dateReserved": "2009-06-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:51:04.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6835 (GCVE-0-2008-6835)
Vulnerability from nvd – Published: 2009-06-27 18:00 – Updated: 2024-09-16 17:15
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/30165 | vdb-entryx_refsource_BID |
| http://osvdb.org/46938 | vdb-entryx_refsource_OSVDB |
| http://drupal.org/node/280592 | x_refsource_CONFIRM |
| http://drupal.org/node/280593 | x_refsource_CONFIRM |
| http://secunia.com/advisories/31027 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30165",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30165"
},
{
"name": "46938",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46938"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/280592"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/280593"
},
{
"name": "31027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-27T18:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30165",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30165"
},
{
"name": "46938",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46938"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/280592"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/280593"
},
{
"name": "31027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31027"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30165"
},
{
"name": "46938",
"refsource": "OSVDB",
"url": "http://osvdb.org/46938"
},
{
"name": "http://drupal.org/node/280592",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/280592"
},
{
"name": "http://drupal.org/node/280593",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/280593"
},
{
"name": "31027",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31027"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6835",
"datePublished": "2009-06-27T18:00:00.000Z",
"dateReserved": "2009-06-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:15:08.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3091 (GCVE-0-2010-3091)
Vulnerability from cvelistv5 – Published: 2010-09-29 16:00 – Updated: 2024-09-17 01:26
VLAI
EPSS
VEX
Summary
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://drupal.org/node/880480 | x_refsource_CONFIRM |
| http://www.debian.org/security/2010/dsa-2113 | vendor-advisoryx_refsource_DEBIAN |
| http://marc.info/?l=oss-security&m=128440896914512&w=2 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/42388 | vdb-entryx_refsource_BID |
| http://drupal.org/node/880476 | x_refsource_CONFIRM |
| http://marc.info/?l=oss-security&m=128418560705305&w=2 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:55:46.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/880480"
},
{
"name": "DSA-2113",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2113"
},
{
"name": "[oss-security] 20100913 Re: CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128440896914512\u0026w=2"
},
{
"name": "42388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42388"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/880476"
},
{
"name": "[oss-security] 20100911 CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128418560705305\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-29T16:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/880480"
},
{
"name": "DSA-2113",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2113"
},
{
"name": "[oss-security] 20100913 Re: CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128440896914512\u0026w=2"
},
{
"name": "42388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42388"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/880476"
},
{
"name": "[oss-security] 20100911 CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128418560705305\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/880480",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/880480"
},
{
"name": "DSA-2113",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2113"
},
{
"name": "[oss-security] 20100913 Re: CVE id requests: drupal",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=128440896914512\u0026w=2"
},
{
"name": "42388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42388"
},
{
"name": "http://drupal.org/node/880476",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/880476"
},
{
"name": "[oss-security] 20100911 CVE id requests: drupal",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=128418560705305\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3091",
"datePublished": "2010-09-29T16:00:00.000Z",
"dateReserved": "2010-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:26:50.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3686 (GCVE-0-2010-3686)
Vulnerability from cvelistv5 – Published: 2010-09-29 16:00 – Updated: 2024-09-16 20:41
VLAI
EPSS
VEX
Summary
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://drupal.org/node/880480 | x_refsource_CONFIRM |
| http://www.debian.org/security/2010/dsa-2113 | vendor-advisoryx_refsource_DEBIAN |
| http://marc.info/?l=oss-security&m=128440896914512&w=2 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/42388 | vdb-entryx_refsource_BID |
| http://drupal.org/node/880476 | x_refsource_CONFIRM |
| http://marc.info/?l=oss-security&m=128418560705305&w=2 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:53.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/880480"
},
{
"name": "DSA-2113",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2113"
},
{
"name": "[oss-security] 20100913 Re: CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128440896914512\u0026w=2"
},
{
"name": "42388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42388"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/880476"
},
{
"name": "[oss-security] 20100911 CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128418560705305\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-29T16:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/880480"
},
{
"name": "DSA-2113",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2113"
},
{
"name": "[oss-security] 20100913 Re: CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128440896914512\u0026w=2"
},
{
"name": "42388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42388"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/880476"
},
{
"name": "[oss-security] 20100911 CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128418560705305\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/880480",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/880480"
},
{
"name": "DSA-2113",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2113"
},
{
"name": "[oss-security] 20100913 Re: CVE id requests: drupal",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=128440896914512\u0026w=2"
},
{
"name": "42388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42388"
},
{
"name": "http://drupal.org/node/880476",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/880476"
},
{
"name": "[oss-security] 20100911 CVE id requests: drupal",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=128418560705305\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3686",
"datePublished": "2010-09-29T16:00:00.000Z",
"dateReserved": "2010-09-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:41:42.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3685 (GCVE-0-2010-3685)
Vulnerability from cvelistv5 – Published: 2010-09-29 16:00 – Updated: 2024-09-16 23:40
VLAI
EPSS
VEX
Summary
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://drupal.org/node/880480 | x_refsource_CONFIRM |
| http://www.debian.org/security/2010/dsa-2113 | vendor-advisoryx_refsource_DEBIAN |
| http://marc.info/?l=oss-security&m=128440896914512&w=2 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/42388 | vdb-entryx_refsource_BID |
| http://drupal.org/node/880476 | x_refsource_CONFIRM |
| http://marc.info/?l=oss-security&m=128418560705305&w=2 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/880480"
},
{
"name": "DSA-2113",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2113"
},
{
"name": "[oss-security] 20100913 Re: CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128440896914512\u0026w=2"
},
{
"name": "42388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42388"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/880476"
},
{
"name": "[oss-security] 20100911 CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128418560705305\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-29T16:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/880480"
},
{
"name": "DSA-2113",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2113"
},
{
"name": "[oss-security] 20100913 Re: CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128440896914512\u0026w=2"
},
{
"name": "42388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42388"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/880476"
},
{
"name": "[oss-security] 20100911 CVE id requests: drupal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128418560705305\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/880480",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/880480"
},
{
"name": "DSA-2113",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2113"
},
{
"name": "[oss-security] 20100913 Re: CVE id requests: drupal",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=128440896914512\u0026w=2"
},
{
"name": "42388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42388"
},
{
"name": "http://drupal.org/node/880476",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/880476"
},
{
"name": "[oss-security] 20100911 CVE id requests: drupal",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=128418560705305\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3685",
"datePublished": "2010-09-29T16:00:00.000Z",
"dateReserved": "2010-09-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:40:40.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6835 (GCVE-0-2008-6835)
Vulnerability from cvelistv5 – Published: 2009-06-27 18:00 – Updated: 2024-09-16 17:15
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/30165 | vdb-entryx_refsource_BID |
| http://osvdb.org/46938 | vdb-entryx_refsource_OSVDB |
| http://drupal.org/node/280592 | x_refsource_CONFIRM |
| http://drupal.org/node/280593 | x_refsource_CONFIRM |
| http://secunia.com/advisories/31027 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30165",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30165"
},
{
"name": "46938",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46938"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/280592"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/280593"
},
{
"name": "31027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-27T18:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30165",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30165"
},
{
"name": "46938",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46938"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/280592"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/280593"
},
{
"name": "31027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31027"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30165"
},
{
"name": "46938",
"refsource": "OSVDB",
"url": "http://osvdb.org/46938"
},
{
"name": "http://drupal.org/node/280592",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/280592"
},
{
"name": "http://drupal.org/node/280593",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/280593"
},
{
"name": "31027",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31027"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6835",
"datePublished": "2009-06-27T18:00:00.000Z",
"dateReserved": "2009-06-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:15:08.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6836 (GCVE-0-2008-6836)
Vulnerability from cvelistv5 – Published: 2009-06-27 18:00 – Updated: 2024-09-16 23:51
VLAI
EPSS
VEX
Summary
Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/30165 | vdb-entryx_refsource_BID |
| http://osvdb.org/46939 | vdb-entryx_refsource_OSVDB |
| http://drupal.org/node/280592 | x_refsource_CONFIRM |
| http://drupal.org/node/280593 | x_refsource_CONFIRM |
| http://secunia.com/advisories/31027 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30165",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30165"
},
{
"name": "46939",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46939"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/280592"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/280593"
},
{
"name": "31027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-27T18:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30165",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30165"
},
{
"name": "46939",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46939"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/280592"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/280593"
},
{
"name": "31027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31027"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30165"
},
{
"name": "46939",
"refsource": "OSVDB",
"url": "http://osvdb.org/46939"
},
{
"name": "http://drupal.org/node/280592",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/280592"
},
{
"name": "http://drupal.org/node/280593",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/280593"
},
{
"name": "31027",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31027"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6836",
"datePublished": "2009-06-27T18:00:00.000Z",
"dateReserved": "2009-06-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:51:04.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}