Critical Vulnerability Discovered in Drupal

A critical vulnerability has been identified in Drupal’s Basic HTTP Authentication module. It allows attackers to bypass the access restrictions set by the module, potentially exposing sensitive content or resources.

The vulnerability is designated SA-CONTRIB-2024-057. It arises because the module incorrectly sets access permissions for certain paths, leading to a bypass condition. As a result, access restrictions are removed, and users can gain unauthorized access to sensitive resources, which may compromise system security.

In summary, the vulnerability in Drupal’s Basic HTTP Authentication module is an access bypass that allows unauthorized access to sensitive resources. It carries a high security risk level (16/25) and affects all versions prior to 7.x-1.4. To address it, upgrade to the fixed version, Basic Authentication 7.x-1.4.

UZCERT advises all users to apply these security measures as soon as possible.
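
A check for the affected range stated above, as an added example that is not part of the original advisory or the module's code: it reads the `version` line that drupal.org packaging writes into a Drupal 7 module's `.info` file and classifies it against 7.x-1.4. The sample `.info` contents are constructed, and treating pre-releases of 1.4 as affected and `-dev` or unparseable strings as unknown is an assumption of this example.

```python
import re

FIXED = (1, 4)  # fixed release named in the advisory: 7.x-1.4

# Drupal 7 contrib version: 7.x-<major>.<patch>[-<extra>], or 7.x-<major>.x-dev
_VERSION_RE = re.compile(r"^7\.x-(\d+)\.(\d+|x)(?:-([a-z]+\d*))?$")
# Line written into a module's .info file by the drupal.org packaging script
_INFO_RE = re.compile(r'^\s*version\s*=\s*"?([^"\s]+)"?\s*$', re.MULTILINE)


def info_version(info_text):
    """Return the version string from .info file contents, or None if absent."""
    m = _INFO_RE.search(info_text)
    return m.group(1) if m else None


def classify(version):
    """Return 'affected', 'fixed' or 'unknown' for a version string."""
    m = _VERSION_RE.match(version or "")
    if not m or m.group(2) == "x":
        # No version line (e.g. a git checkout), a -dev snapshot, or a non-7.x
        # build: the release cannot be established from the string alone.
        return "unknown"
    release = (int(m.group(1)), int(m.group(2)))
    if release < FIXED:
        return "affected"
    if release == FIXED and m.group(3):
        # Assumption: a pre-release of 1.4 (rc/beta/alpha) counts as prior to 1.4.
        return "affected"
    return "fixed"


# Constructed sample .info contents (not taken from the real module).
SAMPLE_INFO = '''name = Example module
core = 7.x
; Information added by Drupal.org packaging script
version = "7.x-1.3"
project = "example"
'''

if __name__ == "__main__":
    found = info_version(SAMPLE_INFO)
    print(found, classify(found))
```

An `unknown` result needs manual review of the installed code rather than being read as safe.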
