CVE-2015-3234 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-3234 Interim 1 3 2021-06-09T09:36:23Z current 2021-05-30T13:29:41Z 2021-06-09T09:36:23Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-3234 The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers. CVE-2015-3234 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N