MGASA-2015-0253

Source
https://advisories.mageia.org/MGASA-2015-0253.html
Import Source
https://advisories.mageia.org/MGASA-2015-0253.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2015-0253
Upstream
  • CVE-2015-3231
  • CVE-2015-3232
  • CVE-2015-3233
  • CVE-2015-3234
Published
2015-07-01T12:40:22Z
Modified
2026-04-16T06:25:13.384569999Z
Summary
Updated drupal package fixes security vulnerability
Details

Incorrect cache handling made private content viewed by "user 1" exposed to other, non-privileged users (CVE-2015-3231).

A flaw in the Field UI module made it possible for attackers to redirect users to malicious sites (CVE-2015-3232).

Due to insufficient URL validation, the Overlay module could be used to redirect users to malicious sites (CVE-2015-3233).

The OpenID module allowed an attacker to log in as other users, including administrators (CVE-2015-3234).

References
Credits

Affected packages

Mageia:4 / drupal

Package

Name
drupal
Purl
pkg:rpm/mageia/drupal?arch=source&distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.38-1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2015-0253.json"

Mageia:5 / drupal

Package

Name
drupal
Purl
pkg:rpm/mageia/drupal?arch=source&distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.38-1.mga5

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2015-0253.json"