[arch-security] [ASA-201503-18] drupal: multiple issues
Arch Linux Security Advisory ASA-201503-18
==========================================

Severity: Medium
Date    : 2015-03-20
CVE-ID  : CVE-2015-2559
Package : drupal
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package drupal before version 7.35-1 is vulnerable to access bypass
and open redirects.

Resolution
==========

Upgrade to 7.35-1.

# pacman -Syu "drupal>=7.35-1"

The problems have been fixed upstream in version 7.35.

Workaround
==========

None.

Description
===========

- CVE-2015-2559 (access bypass)

Password reset URLs can be forged under certain circumstances, allowing
an attacker to gain access to another user's account without knowing the
account's password. In Drupal 7, this vulnerability is mitigated by the
fact that it can only be exploited on sites where accounts have been
imported or programmatically edited in a way that results in the
password hash in the database being the same for multiple user accounts.

- None (open redirect)

Under certain circumstances, malicious users can use the destination URL
parameter to construct a URL that will trick users into being redirected
to a 3rd party website, thereby exposing the users to potential social
engineering attacks.

Impact
======

A remote attacker may gain access to another user's account or take
advantage of open redirect issues to trick users into being redirected
to a 3rd party website.

References
==========

https://www.drupal.org/SA-CORE-2015-001
http://www.openwall.com/lists/oss-security/2015/03/20/2
https://security-tracker.debian.org/tracker/CVE-2015-2559
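Added example, not taken from the advisory or from Drupal's own code: a conservative validator for a `destination`-style parameter, the class of open redirect described above. It accepts only site-relative paths and rejects values a browser would resolve to another origin; the function names and sample inputs are assumptions, and the check is deliberately stricter than Drupal's (it also refuses internal paths that look like a URL scheme).

```python
from urllib.parse import parse_qs, unquote, urlsplit


def is_safe_destination(destination: str) -> bool:
    """True only if `destination` can be served as a path on this site.

    Rejected: a scheme ("http:", "javascript:"), a network location
    ("//evil.example"), backslashes (browsers treat "/\\evil" like "//evil"),
    percent-encoded spellings of the same, and control characters such as
    TAB/CR/LF, which WHATWG URL parsing silently strips.
    """
    if not destination:
        return False
    # Decode once so "%2F%2Fevil.example" is judged as "//evil.example".
    candidate = unquote(destination)
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in candidate):
        return False
    if "\\" in candidate:
        return False
    candidate = candidate.strip()
    # Two or more leading slashes resolve to a foreign host in browsers.
    if candidate.startswith("//"):
        return False
    parts = urlsplit(candidate)
    # Any scheme or authority means it is not a path on this site.
    # (Conservative: an internal path like "node:1" is refused too.)
    return not parts.scheme and not parts.netloc


def redirect_target(query_string: str, fallback: str = "/") -> str:
    """Pick the post-login redirect from a raw query string (constructed
    input, e.g. "destination=user%2F1"), falling back to a local default."""
    values = parse_qs(query_string, keep_blank_values=True)
    destination = values.get("destination", [""])[0]
    return destination if is_safe_destination(destination) else fallback


if __name__ == "__main__":
    # Constructed sample values covering the accepted and rejected forms.
    for sample in ["node/1", "/user/1/edit?x=1", "http://evil.example/",
                   "//evil.example/", "/\\evil.example", "%2F%2Fevil.example",
                   "/\t/evil.example", "javascript:alert(1)"]:
        print(f"{sample!r:28} -> {is_safe_destination(sample)}")
```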
participants (1)
-
Levente Polyak