- Advisory ID: DRUPAL-SA-CORE-2015-004
- Project: Drupal core
- Version: 7.x
- Date: 2015-October-21
- Security risk: 9/25 ( Less Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:Default
- Vulnerability: Open Redirect
This vulnerability is mitigated by the fact that it can only be used against site users who have the "Access the administrative overlay" permission, and that the Overlay module must be enabled.
An incomplete fix for this issue was released as part of SA-CORE-2015-002.
- A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
- Drupal core 7.x versions prior to 7.41.
Install the latest version:
- If you use Drupal 7.x, upgrade to Drupal 7.41
Also see the Drupal core project page.Reported by
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurityDrupal version: Drupal 7.x