DISPUTED Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the “security benefit against platform complexity and performance impact” and concluding that a change to the logout behavior is not planned because “for most sites it is not worth the trade-off.”
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 9 | all | drupal7 | <= 7.52-2+deb9u11 | drupal7_7.52-2+deb9u11_all.deb |