CVE-2017-6932 — Open Redirect in Drupal

CWE-601 — Open Redirect10 documents6 sources

Severity

4.7MEDIUMNVD

EPSS

0.4%

top 40.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Drupal Drupal Core Drupal.org Drupal Core +1 more

Timeline

PublishedMar 1

Latest updateMay 14

Description

Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.7

Affected Packages4 packages

▶Packagistdrupal/core7.0 — 7.57

▶CVEListV5drupal.org/drupal_core7.x versions before 7.57

▶NVDdrupal/drupal7.0 — 7.57

▶Packagistdrupal/drupal7.0 — 7.57

Also affects: Debian Linux 7.0, 8.0, 9.0

🔴Vulnerability Details

OSV

Drupal external link injection vulnerability↗2022-05-14

▶

GHSA

Drupal external link injection vulnerability↗2022-05-14

▶

CVEList

CVE-2017-6932: Drupal core 7↗2018-03-01

▶

OSV

CVE-2017-6932: Drupal core 7↗2018-03-01

▶

📋Vendor Advisories

Drupal

Drupal core - Critical - Multiple Vulnerabilities - SA-CORE-2018-001↗2018-02-21

▶

💬Community

Bugzilla

CVE-2017-6926 CVE-2017-6927 CVE-2017-6928 CVE-2017-6929 CVE-2017-6930 CVE-2017-6931 CVE-2017-6932 drupal: Multiple vulnerabilities fixed in 7.57 and 8.4.5 (SA-CORE-2018-001)↗2018-02-23

▶

Bugzilla

CVE-2017-6926 CVE-2017-6927 CVE-2017-6928 CVE-2017-6929 CVE-2017-6930 CVE-2017-6931 CVE-2017-6932 drupal8: drupal: Multiple vulnerabilities fixed in 7.57 and 8.4.5 (SA-CORE-2018-001) [fedora-all]↗2018-02-23

▶

Bugzilla

CVE-2017-6926 CVE-2017-6927 CVE-2017-6928 CVE-2017-6929 CVE-2017-6930 CVE-2017-6931 CVE-2017-6932 drupal7: drupal: Multiple vulnerabilities fixed in 7.57 and 8.4.5 (SA-CORE-2018-001) [epel-all]↗2018-02-23

▶

Bugzilla

▶