Vulnerability Monitor


CVE-2023-31250


The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.


Published

2023-04-26T19:15:09.197

Last Modified

2025-02-03T17:15:14.077

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-863
  • Type: Secondary
    CWE-863

Affected Vendors & Products
Type         Vendor  Product  Version/Range  Vulnerable?
Application  drupal  drupal   < 7.96         Yes
Application  drupal  drupal   < 9.4.14       Yes
Application  drupal  drupal   < 9.5.8        Yes
Application  drupal  drupal   < 10.0.8       Yes

References