CVE-2014-1475
Drupal 6.x < 6.30 and 7.x < 7.26 - Unauthenticated Authentication Bypass via OpenID Module
Title source: llmDescription
The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.
References (7)
Core 7
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2847
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56601
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/64973
Vendor Advisory x_refsource_confirm
https://drupal.org/SA-CORE-2014-001
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56260
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2014:031
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2851
Scores
EPSS
0.0084
EPSS Percentile
74.9%
Details
Status
published
Products (22)
drupal/drupal
7.0 (16 CPE variants)
drupal/drupal
7.1
drupal/drupal
7.2
drupal/drupal
7.10
drupal/drupal
7.11
drupal/drupal
7.12
drupal/drupal
7.13
drupal/drupal
7.14
drupal/drupal
7.15
drupal/drupal
7.16
... and 12 more
Published
Jan 24, 2014
Tracked Since
Feb 18, 2026