Access Bypass in Drupal’s Smart IP Ban

Published: Sep 23, 2024 07:57

Advisory No: TZCERT-SA-24-0027

Source: Drupal

Software Affected: Smart IP Ban

Overview

Drupal CMS is affected by a critical vulnerability. A remote attacker can exploit it to bypass security controls.

Description

Drupal’s Smart IP Ban is affected by a critical vulnerability. The flaw results from the module insufficiently protecting access to certain paths that it provides, which allows a malicious user to view and modify the settings.

Impact

Successful exploitation of this vulnerability may allow the attacker to bypass access control.

Solution

Drupal has released security patches for this vulnerability. Users and administrators are encouraged to apply the necessary updates.
