Vulnerability Details CVE-2015-3375
Cross-site request forgery (CSRF) vulnerability in the Shibboleth Authentication module before 6.x-4.1 and 7.x-4.x before 7.x-4.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete user role matching rules via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.4%
CVSS Severity
CVSS v2 Score 5.8
References
- http://www.openwall.com/lists/oss-security/2015/01/29/6
- http://www.securityfocus.com/bid/74276
- https://www.drupal.org/node/2411269
- https://www.drupal.org/node/2411271
- https://www.drupal.org/node/2411737
- http://www.openwall.com/lists/oss-security/2015/01/29/6
- http://www.securityfocus.com/bid/74276
- https://www.drupal.org/node/2411269
- https://www.drupal.org/node/2411271
- https://www.drupal.org/node/2411737
Products affected by CVE-2015-3375
-
cpe:2.3:a:niif:shibboleth_authentication:6.x-4.0
-
cpe:2.3:a:niif:shibboleth_authentication:7.x-4.0