Boletines de Vulnerabilidades

Drupal core - Moderately critical - Access bypass - SA-CORE-2023-004

Información sobre el sistema
   
Software afectado Drupal

Descripción
Project: Drupal coreDate: 2023-March-15Security risk: Moderately critical 14∕25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Access bypassAffected versions: =8.0.0 =9.5.0 =10.0.0 Description: Drupal core provides a page that outputs the markup from phpinfo() to assist with diagnosing PHP configuration.If an attacker was able to achieve an XSS exploit against a privileged user, they may be able to use the phpinfo page to access sensitive information that could

More info:

https://www.drupal.org/sa-core-2023-004

Identificadores estándar
Propiedad Valor
CVE

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2023-03-16

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT