CVE-2015-3380

2015-04-21T18:59:00
ID CVE-2015-3380
Type cve
Reporter cve@mitre.org
Modified 2016-12-06T03:00:00

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Feature Set module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable a module via unspecified vectors. Per the <a href="https://www.drupal.org/node/2424409">advisory</a>: "A malicious user can cause an administrator to enable and disable modules by getting the administrator's browser to make a request to a specially-crafted URL." Only integrity and availability are affected.