The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before 6.x-3.2, a module for Drupal, does not properly remove statically granted privileges after a logout or other session change, which allows physically proximate attackers to gain privileges by using an unattended web browser.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-12-31T19:00:00
Updated: 2024-08-07T07:08:38.075Z
Reserved: 2009-12-31T00:00:00
Link: CVE-2009-4527
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-12-31T19:30:00.577
Modified: 2017-08-17T01:31:37.007
Link: CVE-2009-4527
Redhat
No data.