What the vulnerability does
Description
Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery. This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.
Explanation of Vulnerability in Simple Terms
The OpenID Connect / OAuth client module for Drupal contains a server-side request forgery vulnerability that allows an attacker to make the site send HTTP requests to arbitrary internal or external systems. An attacker can exploit this by crafting a malicious request that causes the module to fetch content from unintended targets, potentially exposing internal services or data. Update to version 1.5.0 or later to resolve this issue.
What an attacker can do
Make your site send HTTP requests to internal systems or external targets on the attacker's behalf.
Potential impact on your site
Attackers could probe internal infrastructure, access private services, or exfiltrate data via forced requests from your Drupal site.
Conditions required to exploit
Network access to the site; specific attack vector details unavailable due to missing CVSS data.