Drupal Address Multiple Vulnerabilities - 20230123001

Overview

Drupal has released security advisories to address vulnerabilities affecting multiple products. An attacker could exploit these vulnerabilities to access sensitive information.

What is vulnerable?

Below are the Drupal Advisory links and relevant products:

• SA-CONTRIB-2023-001: Private Taxonomy Terms - Access bypass
• SA-CONTRIB-2023-002: Entity Browser - Information Disclosure
• SA-CONTRIB-2023-003: Media Library Block - Information Disclosure
• SA-CONTRIB-2023-004: Media Library Form API Element - Information Disclosure

Recommendation

The WA SOC recommends administrators to review the listed security advisories and apply the solutions as per vendor instructions to all affected products.

Additional References

• Drupal Security Advisories page - https://www.drupal.org/security