Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-31250

Опубликовано: 26 апр. 2023
Источник: nvd
CVSS3: 6.5
EPSS Низкий

Описание

The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Версия от 7.0 (включая) до 7.96 (исключая)
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Версия от 9.4 (включая) до 9.4.14 (исключая)
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Версия от 9.5 (включая) до 9.5.8 (исключая)
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Версия от 10.0 (включая) до 10.0.8 (исключая)

EPSS

Процентиль: 49%
0.00257
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-863
CWE-863

Связанные уязвимости

ubuntu логотип

CVE-2023-31250

CVSS3: 6.5
ubuntu
около 2 лет назад

The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.

debian логотип

CVE-2023-31250

CVSS3: 6.5
debian
около 2 лет назад

The file download facility doesn't sufficiently sanitize file paths in ...

github логотип

GHSA-8849-cv9f-vccm

github
около 2 лет назад

Access bypass in Drupal core

EPSS

Процентиль: 49%
0.00257
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-863
CWE-863