3 matches found
CVE-2015-3375
Cross-site request forgery CSRF vulnerability in the Shibboleth Authentication module before 6.x-4.1 and 7.x-4.x before 7.x-4.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete user role matching rules via unspecified vectors...
CVE-2015-3375
The CVE-2015-3375 entry concerns the Drupal Shibboleth Authentication module. A CSRF vulnerability allows remote attackers to hijack administrator authentication for requests that delete user role matching rules. Affected: Shibboleth Authentication module for Drupal 6.x-4.x before 6.x-4.1 and 7.x...
SA-CONTRIB-2015-028 - Shibboleth Authentication - Cross Site Request Forgery (CSRF)
Shibboleth Authentication module allows users to log in and get permissions based on federated SAML2 authentication. The roles that are assigned to users are based on a matching list. A malicious attacker can delete matching rules from the list by getting the administrator's browser to make a...