Vulnerability Details CVE-2015-3234
The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 76.8%
CVSS Severity
CVSS v2 Score 4.3
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.html
- http://www.debian.org/security/2015/dsa-3291
- http://www.securityfocus.com/bid/75294
- https://www.drupal.org/SA-CORE-2015-002
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.html
- http://www.debian.org/security/2015/dsa-3291
- http://www.securityfocus.com/bid/75294
- https://www.drupal.org/SA-CORE-2015-002
Products affected by CVE-2015-3234
-
cpe:2.3:a:drupal:drupal:6.0
-
cpe:2.3:a:drupal:drupal:6.1
-
cpe:2.3:a:drupal:drupal:6.10
-
cpe:2.3:a:drupal:drupal:6.11
-
cpe:2.3:a:drupal:drupal:6.12
-
cpe:2.3:a:drupal:drupal:6.13
-
cpe:2.3:a:drupal:drupal:6.14
-
cpe:2.3:a:drupal:drupal:6.15
-
cpe:2.3:a:drupal:drupal:6.16
-
cpe:2.3:a:drupal:drupal:6.17
-
cpe:2.3:a:drupal:drupal:6.18
-
cpe:2.3:a:drupal:drupal:6.19
-
cpe:2.3:a:drupal:drupal:6.2
-
cpe:2.3:a:drupal:drupal:6.20
-
cpe:2.3:a:drupal:drupal:6.21
-
cpe:2.3:a:drupal:drupal:6.22
-
cpe:2.3:a:drupal:drupal:6.23
-
cpe:2.3:a:drupal:drupal:6.24
-
cpe:2.3:a:drupal:drupal:6.25
-
cpe:2.3:a:drupal:drupal:6.26
-
cpe:2.3:a:drupal:drupal:6.27
-
cpe:2.3:a:drupal:drupal:6.28
-
cpe:2.3:a:drupal:drupal:6.29
-
cpe:2.3:a:drupal:drupal:6.3
-
cpe:2.3:a:drupal:drupal:6.30
-
cpe:2.3:a:drupal:drupal:6.31
-
cpe:2.3:a:drupal:drupal:6.32
-
cpe:2.3:a:drupal:drupal:6.33
-
cpe:2.3:a:drupal:drupal:6.34
-
cpe:2.3:a:drupal:drupal:6.35
-
cpe:2.3:a:drupal:drupal:6.4
-
cpe:2.3:a:drupal:drupal:6.5
-
cpe:2.3:a:drupal:drupal:6.6
-
cpe:2.3:a:drupal:drupal:6.7
-
cpe:2.3:a:drupal:drupal:6.8
-
cpe:2.3:a:drupal:drupal:6.9
-
cpe:2.3:a:drupal:drupal:7.0
-
cpe:2.3:a:drupal:drupal:7.1
-
cpe:2.3:a:drupal:drupal:7.10
-
cpe:2.3:a:drupal:drupal:7.11
-
cpe:2.3:a:drupal:drupal:7.12
-
cpe:2.3:a:drupal:drupal:7.13
-
cpe:2.3:a:drupal:drupal:7.14
-
cpe:2.3:a:drupal:drupal:7.15
-
cpe:2.3:a:drupal:drupal:7.16
-
cpe:2.3:a:drupal:drupal:7.17
-
cpe:2.3:a:drupal:drupal:7.18
-
cpe:2.3:a:drupal:drupal:7.19
-
cpe:2.3:a:drupal:drupal:7.2
-
cpe:2.3:a:drupal:drupal:7.20
-
cpe:2.3:a:drupal:drupal:7.21
-
cpe:2.3:a:drupal:drupal:7.22
-
cpe:2.3:a:drupal:drupal:7.23
-
cpe:2.3:a:drupal:drupal:7.24
-
cpe:2.3:a:drupal:drupal:7.25
-
cpe:2.3:a:drupal:drupal:7.26
-
cpe:2.3:a:drupal:drupal:7.27
-
cpe:2.3:a:drupal:drupal:7.28
-
cpe:2.3:a:drupal:drupal:7.29
-
cpe:2.3:a:drupal:drupal:7.3
-
cpe:2.3:a:drupal:drupal:7.30
-
cpe:2.3:a:drupal:drupal:7.33
-
cpe:2.3:a:drupal:drupal:7.34
-
cpe:2.3:a:drupal:drupal:7.35
-
cpe:2.3:a:drupal:drupal:7.36
-
cpe:2.3:a:drupal:drupal:7.37
-
cpe:2.3:a:drupal:drupal:7.4
-
cpe:2.3:a:drupal:drupal:7.5
-
cpe:2.3:a:drupal:drupal:7.6
-
cpe:2.3:a:drupal:drupal:7.7
-
cpe:2.3:a:drupal:drupal:7.8
-
cpe:2.3:a:drupal:drupal:7.9
-
cpe:2.3:o:debian:debian_linux:7.0
-
cpe:2.3:o:debian:debian_linux:8.0