CNNVD-202510-4278 Information
CNNVD ID
CNNVD-202510-4278
Related CVE
-
CNNVD Published: 2025-10-30
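Description (translated from Chinese)
Drupal Simple OAuth (OAuth2) & OpenID Connect is an authorization framework from the Drupal community. Drupal Simple OAuth (OAuth2) & OpenID Connect versions from 6.0.0 up to, but not including, 6.0.7 contain a security vulnerability. The vulnerability stems from an authentication bypass flaw and may lead to authentication bypass.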
Description (English)
Drupal Simple OAuth (OAuth2) & OpenID Connect is an authorization framework maintained by the Drupal community. Versions 6.0.0 through those prior to 6.0.7 of Drupal Simple OAuth (OAuth2) & OpenID Connect are affected by a security vulnerability: an authentication bypass flaw that could allow authentication to be circumvented.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Drupal
Published
2025-10-30
Last Modified
2026-02-24
References
https://www.drupal.org/sa-contrib-2025-114
https://vigilance.fr/vulnerability/Drupal-Simple-OAuth-OpenID-Connect-privilege-escalation-via-Access-Token-48612
Patch
https://www.drupal.org/project/simple_oauth/releases