CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
99.7%
This module enables page caching for authenticated users. A separate version of each cacheable page is stored for each group of users with the same combination of roles.
Users having the exact same role-combination like the superuser (uid=1) might access cached pages generated with the superuser. Therefore it might be possible that information is disclosed to those users intended only for the superuser.
This vulnerability is mitigated by the fact that an attacker must have the exact same role-combination like the superuser.
Drupal core is not affected. If you do not use the contributed Authenticated User Page Caching (Authcache) module, there is nothing you need to do.
Install the latest version:
Also see the Authenticated User Page Caching (Authcache) project page.
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
99.7%