An attacker might be able to see content before the site owner intends people to see the content. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability.
This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.Īccess bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10 8.9.X versions prior to 8.9.6 9.0.X versions prior to 9.0.6.ĭrupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. System using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.Ĭross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user.
0 kommentar(er)
