Published On: Nov 08, 2024 22:41
Advisory No: TZCERT-SA-24-0038
Source: Drupal
Software Affected: Basic HTTP Authentication
Drupal is affected by a critical vulnerability. A remote attacker can exploit the vulnerability to bypass access control.
The Basic HTTP Authentication module in Drupal is affected by a critical vulnerability. The module makes it possible to restrict access to specific paths using basic HTTP authentication, in addition to standard Drupal access checks. The flaw occurs when the module removes existing access checks from some paths, resulting in an access bypass vulnerability.
Successful exploitation of this vulnerability may allow the attacker to gain access to the vulnerable system.
Drupal has released a security patch for this vulnerability. Users and administrators are encouraged to apply the necessary updates.