CVE-2008-3221 : Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows

Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities.

Published 2008-07-18 16:41:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross-site request forgery (CSRF)

Products affected by CVE-2008-3221

Drupal » Drupal
Versions from including (>=) 6.0 and before (<) 6.3
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 8
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 9
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-3221

EPSS FAQ

0.50%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 63 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-3221

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2008-3221

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-3221

http://drupal.org/node/280571

SA-2008-044 - Drupal core - Multiple vulnerabilities | Drupal.org
Patch;Vendor Advisory

CVEs referencing this url
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html

[SECURITY] Fedora 8 Update: drupal-5.8-1.fc8
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/30168

Third Party Advisory;VDB Entry

CVEs referencing this url
http://secunia.com/advisories/31079

Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2008/07/10/3

oss-security - CVE request: multiple drupal issues in < 6.3,5.8
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html

[SECURITY] Fedora 9 Update: drupal-6.3-1.fc9
Third Party Advisory

CVEs referencing this url
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html

[SECURITY] Fedora 8 Update: drupal-5.9-1.fc8
Third Party Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=454849

454849 – (CVE-2008-3218) drupal: multiple security issues in < 6.3,5.8/5.9 (SA-2008-044,SA-2008-046 - CVE-2008-3218, CVE-2008-3219, CVE-2008-3220, CVE-2008-3221, CVE-2008-3222, CVE-2008-3223)
Issue Tracking;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2008-3221

Products affected by CVE-2008-3221

Exploit prediction scoring system (EPSS) score for CVE-2008-3221

CVSS scores for CVE-2008-3221

CWE ids for CVE-2008-3221

References for CVE-2008-3221