6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
52.8%
Log Watcher allows you to monitor your site logs in a systematic way by setting up scheduled aggregations for specific log types.
The report administration links are not properly protected from CSRF. A malicious user could cause a log administrator to enable, disable, or delete a Log Watcher report by getting the administrator’s browser to make a request to a specially-crafted URL while the administrator was logged in.
Drupal core is not affected. If you do not use the contributed Log Watcher module,
there is nothing you need to do.
Install the latest version:
Also see the Log Watcher project page.
twitter.com/drupalsecurity
www.drupal.org/contact
www.drupal.org/project/logwatcher
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/user/19668
www.drupal.org/user/2301194
www.drupal.org/user/972
www.drupal.org/writing-secure-code