← Back

CVE-2009-4527

nvd nist
Published: Dec 31, 2009Modified: Apr 23, 2026

JSON object

Loading...
4.6
Vector
AV:L/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 3.9 / Impact: 6.4
Source: NVD

Description

The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before 6.x-3.2, a module for Drupal, does not properly remove statically granted privileges after a logout or other session change, which allows physically proximate attackers to gain privileges by using an unattended web browser.

Affected (17)

Products: Niif: Shib Auth
Niif
1 product
Shib Auth
Configuration A
17 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Niif
Shib Auth
Version 5.x-1.x dev
Shib Auth
Version 5.x-2.1
Shib Auth
Version 5.x-2.2
Shib Auth
Version 5.x-2.4
Shib Auth
Version 5.x-2.5
Shib Auth
Version 5.x-2.x dev
Shib Auth
Version 5.x-3.3
Shib Auth
Version 5.x-3.x dev
Shib Auth
Version 6.x-1.x dev
Shib Auth
Version 6.x-2.0
Shib Auth
Version 6.x-2.1
Shib Auth
Version 6.x-2.2
Shib Auth
Version 6.x-2.x dev
Shib Auth
Version 6.x-3.0
Shib Auth
Version 6.x-3.0 1
Shib Auth
Version 6.x-3.1
Shib Auth
Version 6.x-3.x dev
Running on/withPlatform Versions
Drupal
Drupal
All versions

Related CWEs

CWE-264
CWE-264

References (10)

Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.