Drupal Apigee Edge Security Vulnerability Update - 20230203002

Overview

Drupal released a security update to address a vulnerability affecting the Apigee Edge module for Drupal 9.x. The Apigee Edge module allows connecting a Drupal site to Apigee X / Edge in order to build a developer portal. An attacker could exploit this vulnerability to bypass access authorization or disclose sensitive information.

What is the vulnerability?

SA-CONTRIB-2023-005 - Moderately Critical - 13/23 Security Risk Score

What is vulnerable?

The vulnerability affects the following products:

• Apigee Edge module version 2.0.x for Drupal 9.x
• Apigee Edge module version 8.x-1.x for Drupal 9.x

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices: https://www.drupal.org/sa-contrib-2023-005

Additional References

• https://www.cisa.gov/uscert/ncas/current-activity/2023/02/02/drupal-releases-security-update-address-vulnerability-apigee-edge
• https://www.drupal.org/drupal-security-team/security-risk-levels-defined