SB2023031541 - Multiple vulnerabilities in Drupal
Published: March 15, 2023
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Improper access control (CVE-ID: N/A)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions on the page that outputs the markup from phpinfo() to assist with diagnosing PHP configuration. A remote attacker who can exploit a separate cross-site scripting (XSS) vulnerability on the website can use it to retrieve the phpinfo() output, which exposes server details such as file system paths, environment variables and loaded extensions.
2) Information disclosure (CVE-ID: N/A)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way the language module handles translations of articles. The Language switcher block provides links for quickly switching between languages; a remote attacker can collect these links and use them to view unpublished translations. When used in conjunction with a module like Pathauto, the URL alias in the link itself may reveal the title of unpublished content, even if the translation page cannot be viewed.
3) Improper access control (CVE-ID: N/A)
The vulnerability allows a remote attacker to gain unauthorized access to thumbnails of media items.
The vulnerability exists due to improper access restrictions on thumbnails of media items. A remote attacker can view thumbnails of media items they are not otherwise permitted to see and thereby learn the contents of potentially sensitive files.
Remediation
Install the update from the vendor's website. After updating, verify as an anonymous (unauthenticated) client that the phpinfo() page is not reachable, that links from the Language switcher block to unpublished translations are not served, and that thumbnails of restricted media items are not returned.