MGASA-2014-0031

Source
https://advisories.mageia.org/MGASA-2014-0031.html
Import Source
https://advisories.mageia.org/MGASA-2014-0031.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2014-0031
Upstream
  • CVE-2014-1475
  • CVE-2014-1476
Published
2014-01-31T16:43:58Z
Modified
2026-04-16T06:26:13.663020773Z
Summary
Updated drupal package fixes security vulnerabilities
Details

Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts (CVE-2014-1475).

Matt Vance and Damien Tournoud reported an access bypass vulnerability in the taxonomy module. Under certain circumstances, unpublished content can appear on listing pages provided by the taxonomy module and will be visible to users who should not have permission to see it (CVE-2014-1476).

References
Credits

Affected packages

Mageia:3 / drupal

Package

Name
drupal
Purl
pkg:rpm/mageia/drupal?arch=source&distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.26-1.mga3

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2014-0031.json"