CVE-2008-3221

EUVD-2008-3210
Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
drupaldrupal
6.0 ≤
𝑥
< 6.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
drupal
dapper
not-affected
feisty
not-affected
gutsy
dne
hardy
dne
drupal5
dapper
dne
feisty
dne
gutsy
not-affected
hardy
not-affected
Common Weakness Enumeration
References
http://drupal.org/node/280571
http://secunia.com/advisories/31079
http://www.openwall.com/lists/oss-security/2008/07/10/3
http://www.securityfocus.com/bid/30168
https://bugzilla.redhat.com/show_bug.cgi?id=454849
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html
http://drupal.org/node/280571
http://secunia.com/advisories/31079
http://www.openwall.com/lists/oss-security/2008/07/10/3
http://www.securityfocus.com/bid/30168
https://bugzilla.redhat.com/show_bug.cgi?id=454849
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html