
OAuth2 Client - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-013

Security advisories (contrib) - February 5, 2025, 18:24

Project: OAuth2 Client
Date: 2025-February-05
Security risk: Moderately critical 12 ∕ 25 AC:Complex/A:None/CI:None/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Request Forgery
Affected versions: <4.1.3
Description:

This module enables a developer to create dedicated OAuth2 clients for connecting to external APIs and other OAuth protected resources.

The module does not use Cross Site Request Forgery (CSRF) tokens to protect routes for enabling a client.

This vulnerability is mitigated by the fact that an attacker must know the machine name of the client and deceive another user with this permission.
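
For context, this is how a state-changing route is usually given CSRF protection in a Drupal `*.routing.yml` file. It is an added example, not part of the advisory and not the OAuth2 Client module's code: the module name `example_client`, the route names, paths, controller class and permission string are all hypothetical; only the `_csrf_token` requirement is Drupal core's own.

```yaml
# Hypothetical module "example_client". Route names, paths, controller and
# permission are placeholders, not taken from the OAuth2 Client module.

# Before: a state-changing route guarded only by a permission check.
# A request forged from another site still carries the logged-in user's
# session cookie, so the permission check passes and the action runs.
example_client.enable_unprotected:
  path: '/admin/config/example-client/{client}/enable'
  defaults:
    _controller: '\Drupal\example_client\Controller\ClientController::enable'
  requirements:
    _permission: 'administer example clients'

# After: the same route with Drupal core's CSRF access check added.
# Access is denied unless the request carries a valid "token" query
# parameter tied to the user's session and this route's path.
example_client.enable:
  path: '/admin/config/example-client/{client}/enable'
  defaults:
    _controller: '\Drupal\example_client\Controller\ClientController::enable'
  requirements:
    _permission: 'administer example clients'
    _csrf_token: 'TRUE'
```

Links to a route protected this way must be built through Drupal's URL generator (for example `Url::fromRoute()`), which appends the token automatically; hard-coded paths will be denied.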

Solution: 

Install the latest version:
