Boletines de Vulnerabilidades

Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-002


Información sobre el sistema

   
Software afectado Drupal

Descripción

Project: Drupal coreDate: 2023-March-15Security risk: Moderately critical 14∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Information DisclosureAffected versions: >=8.0.0 =9.5.0 =10.0.0 Description: The Media module does not properly check entity access in some circumstances. This may result in users seeing thumbnails of media items they do not have access to, including for private files.This release was coordinated with SA-CONTRIB-2023-010.This advisory is

More info:

https://www.drupal.org/sa-core-2023-002

Identificadores estándar

Propiedad Valor
CVE

Histórico de versiones

Versión Comentario Data
1.0 Advisory issued 2023-03-16
Ministerio de Defensa
CNI
CCN
CCN-CERT