Drupal Core Multiple Vulnerabilities
Release Date:
17 Mar 2023
4572
Views
RISK: Medium Risk
TYPE: Servers - Internet App Servers
Multiple vulnerabilities were identified in Drupal Core. A remote attacker could exploit some of these vulnerabilities to trigger information disclosure and security restriction bypass on the targeted system.
Impact
- Information Disclosure
- Security Restriction Bypass
System / Technologies affected
- Versions prior to Drupal 10.0.5
- Versions prior to Drupal 9.5.5
- Versions prior to Drupal 9.4.12
- Versions prior to Drupal 7.95
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://www.drupal.org/sa-core-2023-002
- https://www.drupal.org/sa-core-2023-003
- https://www.drupal.org/sa-core-2023-004
All versions of Drupal 9 prior to 9.4.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.
Vulnerability Identifier
- No CVE information is available
Source
Related Link
Share with