Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-3091

Опубликовано: 29 сент. 2010
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:peter_wolanin:openid:5.x-1.0:*:*:*:*:*:*:*
cpe:2.3:a:peter_wolanin:openid:5.x-1.1:*:*:*:*:*:*:*
cpe:2.3:a:peter_wolanin:openid:5.x-1.2:*:*:*:*:*:*:*
cpe:2.3:a:peter_wolanin:openid:5.x-1.3:*:*:*:*:*:*:*
cpe:2.3:a:peter_wolanin:openid:5.x-1.x:dev:*:*:*:*:*:*

EPSS

Процентиль: 72%
0.0073
Низкий

5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

ubuntu логотип

CVE-2010-3091

ubuntu
больше 14 лет назад

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

debian логотип

CVE-2010-3091

debian
больше 14 лет назад

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...

github логотип

GHSA-prjg-45g9-9qgc

github
около 3 лет назад

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

EPSS

Процентиль: 72%
0.0073
Низкий

5 Medium

CVSS2

Дефекты

CWE-287