CVE-2015-3375

2015-04-2116:59:33

CWE-352

[email protected]

web.nvd.nist.gov

cve-2015-3375

csrf

shibboleth authentication

drupal

remote attack

administrator hijacking

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.0%

JSON

Cross-site request forgery (CSRF) vulnerability in the Shibboleth Authentication module before 6.x-4.1 and 7.x-4.x before 7.x-4.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete user role matching rules via unspecified vectors.

Affected configurations

NVD

Node

niifshibboleth_authenticationRange≤6.x-4.0drupal

niifshibboleth_authenticationMatch7.x-4.0drupal

CPENameOperatorVersion
niif:shibboleth_authenticationniif shibboleth authenticationle6.x-4.0
niif:shibboleth_authenticationniif shibboleth authenticationeq7.x-4.0