MGASA-2015-0121
- Source
- https://advisories.mageia.org/MGASA-2015-0121.html
- Import Source
- https://advisories.mageia.org/MGASA-2015-0121.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2015-0121
- Upstream
- Published
- 2015-03-27T21:12:10Z
- Modified
- 2026-04-16T06:23:44.907978122Z
- Summary
- Updated drupal packages fix security vulnerabilities
- Details
-
Password reset URLs can be forged under certain circumstances, allowing an attacker to gain access to another user's account without knowing the account's password (CVE-2015-2559).
Under certain circumstances, malicious users can construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks. In addition, several URL-related API functions in Drupal 6 and 7 can be tricked into passing through external URLs when not intending to, potentially leading to additional open redirect vulnerabilities (CVE-2015-2749, CVE-2015-2750).
- References
-
- https://advisories.mageia.org/MGASA-2015-0121.html
- https://bugs.mageia.org/show_bug.cgi?id=15537
- https://www.drupal.org/SA-CORE-2015-001
- https://www.drupal.org/drupal-7.35
- https://www.drupal.org/drupal-7.35-release-notes
- http://openwall.com/lists/oss-security/2015/03/20/2
- http://openwall.com/lists/oss-security/2015/03/26/4
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:4 / drupal
Package
- Name
- drupal
- Purl
- pkg:rpm/mageia/drupal?arch=source&distro=mageia-4