Drupal Releases Security Updates

Security updates address a moderately critical Drupal Core vulnerability and a critical Protected Pages module vulnerability

Threat ID:: CC-4308
Threat Severity:: Information only
Published:: 24 April 2023 3:12 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security updates address a moderately critical Drupal Core vulnerability and a critical Protected Pages module vulnerability

Affected platforms

The following platforms are known to be affected:

Drupal

Drupal Core
Protected Pages (Module)

Threat details

Introduction

Drupal has released security updates to address multiple vulnerabilities. The moderately critical vulnerability designated as SA-CORE-2023-005 affects Drupal Core and could allow an attacker to gain unauthorised access to private files.

The critical vulnerability designated SA-CONTRIB-2023-013 affects the Protected Pages module for Drupal, which has been found to insufficiently restrict access to password-protected pages. An attacker could exploit this vulnerability in order to access restricted content.

Remediation advice

Affected organisations are encouraged to review the Drupal security advisories and follow the relevant remediation steps.

Remediation steps

Type	Step
Patch	Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005 https://www.drupal.org/sa-core-2023-005
Patch	Protected Pages - Critical - Access bypass - SA-CONTRIB-2023-013 https://www.drupal.org/sa-contrib-2023-013

Definitive source of threat updates

https://www.drupal.org/security

Last edited: 24 April 2023 3:12 pm