DRUPAL-CONTRIB-2025-056

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/miniorange_2fa/DRUPAL-CONTRIB-2025-056.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2025-056
Aliases
  • CVE-2025-47710
Published
2025-05-07T17:08:31Z
Modified
2025-12-10T23:41:24.714345Z
Summary
[none]
Details

The module enables you to add second-factor authentication in addition to the default Drupal login.

The module does not sufficiently ensure that known login routes are protected.

This vulnerability is mitigated by the fact that an attacker must obtain the user's username and password.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/miniorange_2fa

Package

Name
drupal/miniorange_2fa
Purl
pkg:composer/drupal/miniorange_2fa

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.7.0
Database specific 
{
    "constraint": "<4.7.0"
}
Type
ECOSYSTEM
Events
Introduced
5.0.1
Fixed
5.2.0
Database specific 
{
    "constraint": ">=5.0.1 <5.2.0"
}

Database specific

source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/miniorange_2fa/DRUPAL-CONTRIB-2025-056.json"
affected_versions 
"<4.7.0 || >=5.0.1 <5.2.0"
patched 
true