For sites using the core OpenID module, an information disclosure vulnerability was identified that allowed an attacker to read files on the local filesystem by attempting to log in to the site using a malicious OpenID server.
Part of security release SA-CORE-2012-003.
This vulnerability affects the following application versions:
- Drupal 7.0
- Drupal 7.1
- Drupal 7.2
- Drupal 7.3
- Drupal 7.4
- Drupal 7.5
- Drupal 7.6
- Drupal 7.7
- Drupal 7.8
- Drupal 7.9
- Drupal 7.10
- Drupal 7.11
- Drupal 7.12
- Drupal 7.13
- Drupal 7.14
- Drupal 7.15