CVE-2015-3234
Published: 22 June 2015
The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.
Priority
Status
Package | Release | Status |
---|---|---|
drupal7 Launchpad, Ubuntu, Debian |
trusty |
Needed
|
vivid |
Released
(7.32-1+deb8u4build0.15.04.1)
|
|
precise |
Ignored
(end of life)
|
|
focal |
Does not exist
|
|
artful |
Not vulnerable
(7.38-1)
|
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
upstream |
Released
(7.38-1)
|
|
utopic |
Released
(7.32-1+deb8u4build0.14.10.1)
|
|
wily |
Not vulnerable
(7.38-1)
|
|
xenial |
Not vulnerable
(7.38-1)
|
|
yakkety |
Not vulnerable
(7.38-1)
|
|
zesty |
Not vulnerable
(7.38-1)
|
|
mantic |
Does not exist
|
|
drupal6 Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
artful |
Does not exist
|
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(6.36)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
mantic |
Does not exist
|