DRUPAL-CONTRIB-2025-053

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/miniorange_2fa/DRUPAL-CONTRIB-2025-053.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2025-053
Aliases
  • CVE-2025-47707
Published
2025-05-07T17:07:22Z
Modified
2025-12-10T23:41:32.412705Z
Summary
[none]
Details

The module enables you to add second-factor authentication in addition to the default Drupal login.

The module doesn't invoke two-factor authentication (2FA) for the password reset option.

This vulnerability is mitigated by the fact that an attacker must have access to the password reset link.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/miniorange_2fa

Package

Name
drupal/miniorange_2fa
Purl
pkg:composer/drupal/miniorange_2fa

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.7.0
Database specific
{
    "constraint": "<4.7.0"
}
Type
ECOSYSTEM
Events
Introduced
5.0.1
Fixed
5.2.0
Database specific
{
    "constraint": ">=5.0.1 <5.2.0"
}

Database specific

source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/miniorange_2fa/DRUPAL-CONTRIB-2025-053.json"
affected_versions
"<4.7.0 || >=5.0.1 <5.2.0"
patched
true