Ubuntu USN-6981-1
Aug 27, 2024 - 12:00 a.m.

Drupal vulnerabilities

2024-08-27 00:00:00
ubuntu.com
drupal
ubuntu 16.04 esm
content management
arbitrary code execution
filename sanitization
overwrite files
cve-2020-13671
cve-2020-28948
cve-2020-28949
unix

CVSS2

6.8

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.9
Confidence: Low

EPSS: 0.935
Percentile: 99.2%

Releases

  • Ubuntu 16.04 ESM

Packages

  • drupal7 - fully-featured content management framework

Details

It was discovered that Drupal incorrectly sanitized uploaded filenames. A
remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-13671)

It was discovered that Drupal incorrectly sanitized archived filenames. A
remote attacker could possibly use this issue to overwrite arbitrary files,
or execute arbitrary code. (CVE-2020-28948, CVE-2020-28949)

OS      Version  Architecture  Package  Version                        Filename
Ubuntu  16.04    noarch        drupal7  < 7.44-1ubuntu1~16.04.0+esm2   UNKNOWN
Ubuntu  16.04    noarch        drupal7  < 7.44-1ubuntu1~16.04.0        UNKNOWN
