5 matches found
Xsendfile - Moderately critical - Access bypass - SA-CONTRIB-2023-053
The Xsendfile module enables fast transfer for private files in Drupal. In order to control private file downloads, the module overrides ImageStyleDownloadController, for which a vulnerability was disclosed in SA-CORE-2023-005. The Xsendfile module was still based on an insecure version of...
Fedora 39 : drupal7 (2023-b659c62db9)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-b659c62db9 advisory. - 7.98 - 7.97 - 7.96 - SA-CORE-2023-005 - 7.95 - SA-CORE-2023-004 - 7.94 - 7.93 Tenable has extracted the preceding description block directly from the Fedor...
Drupal Access Bypass Vulnerability (SA-CORE-2023-005) - Windows
Drupal is prone to an access bypass vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...
Drupal 7.x < 7.96 / 9.4.x < 9.4.14 / 9.5.x < 9.5.8 / 10.x < 10.0.8 Drupal Vulnerability (SA-CORE-2023-005)
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.96, 9.4.x prior to 9.4.14, 9.5.x prior to 9.5.8, or 10.x prior to 10.0.8. It is, therefore, affected by a vulnerability. - The file download facility doesn't sufficiently sanitize fil...
Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...