2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.967 High
EPSS
Percentile
99.7%
This package is a tool to build debian packages from a Drupal instance.
The module doesn’t sufficiently protect database credentials.
This vulnerability is mitigated by the fact that an attacker must have shell access to the server.
Drupal core is not affected. If you do not use the contributed Drush Debian Packaging module, there is nothing you need to do.
Uninstall the package.
Also see the Drush Debian Packaging project page.
Not applicable.