Product
Drupal Contrib module miniorange_saml
Found
14.06.2020
Published
18.11.2020
CVE
SA-CONTRIB-2020-038
CVSS 3.0
9.8
This module enables your users residing at a SAML 2.0 compliant Identity Provider to login to your Drupal website.
The module has two Authentication Bypass vulnerabilities.
Solution:
Install the latest version:
- If you use the miniorange_saml module for Drupal 8.x, upgrade to miniorange_saml 8.x-2.14
- If you use the miniorange_saml module for Drupal 7.x, upgrade to miniorange_saml 7.x-2.54