4 matches found
CVE-2015-3367
Multiple cross-site request forgery CSRF vulnerabilities in the Patterns module before 7.x-2.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 restore, 2 publish, or 3 unpublish a pattern via unspecified vectors...
CVE-2015-3367
CVE-2015-3367 corresponds to CSRF vulnerabilities in the Drupal Patterns module. Affected: Patterns 7.x-2.x prior to 7.x-2.2. Impact: remote attackers could leverage CSRF to cause administrators to restore, publish, or unpublish patterns. Root cause: missing or weak CSRF protection in the Pattern...
CVE-2015-3367
Multiple cross-site request forgery CSRF vulnerabilities in the Patterns module before 7.x-2.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 restore, 2 publish, or 3 unpublish a pattern via unspecified vectors...
SA-CONTRIB-2015-025 - Patterns - Cross Site Request Forgery (CSRF)
Patterns module manages and automates site configuration. Site configurations stored in XML or YAML are called Patterns, and these are easy to read, modify, manage & share and can be executed manually or as a part of an automated web site deployment. Some links were not protected against CSRF. A...