Description
Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit against platform complexity and performance impact" and concluding that a change to the logout behavior is not planned because "for most sites it is not worth the trade-off.
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-09-17T00:41:33.268Z
Reserved: 2012-03-27T00:00:00.000Z
Link: CVE-2007-6752
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-03-28T10:54:59.457
Modified: 2026-04-29T01:13:23.040
Link: CVE-2007-6752
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses