A critical vulnerability in Drupal’s RESTful Web Services

Published On: May 17, 2024 14:18

Advisory No: TZCERT/SA/2024/05/17-4

Source: Drupal

Software Affected: RESTful Web Services

Overview

Description

Advisory No: TZCERT/SA/2024/05/17-4

Date of First Release: 17th May 2024

Source: Drupal

Software Affected: RESTful Web Services

Overview:

Drupal plugin is vulnerable to a critical vulnerability. The attackers can leverage the vulnerability to bypass access controls.

Description:

RESTful Web Services in Drupal CMS is affected by a critical vulnerability as a result of insufficient access restriction for user resources. The attackers can exploit the vulnerability to gain escalated privilege.

Impact:

Successful exploitation of this vulnerability may allow an attacker to gain escalated privilege.

Solution:

Drupal has released a security patch for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://www.drupal.org/sa-contrib-2024-019

Impact

Solution

References

Subscribe To TZ - CERT Newsletter

A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.

Subscribe
Report Incident