DRUPAL-CONTRIB-2025-020

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/oauth2_server/DRUPAL-CONTRIB-2025-020.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2025-020
Aliases
Published
2025-02-26T18:35:21Z
Modified
2025-12-10T23:41:10.210993Z
Summary
[none]
Details

Provides OAuth2 server functionality based on the oauth2-server-php library.

The module does not consistently enforce admin configurations allowing users on a disabled server to still authenticate.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/oauth2_server

Package

Name
drupal/oauth2_server
Purl
pkg:composer/drupal/oauth2_server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.0
Database specific 
{
    "constraint": "<2.1.0"
}

Database specific

affected_versions 
"<2.1.0"
source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/oauth2_server/DRUPAL-CONTRIB-2025-020.json"