1.0 Introduction
Drupal has recently released security updates to address multiple vulnerabilities in Drupal software.
2.0 Impact
A cyber threat actor could exploit these vulnerabilities to take control of an affected system.
3.0 Affected Products
- Multiple Drupal software
4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review Drupal’s security releases and apply the necessary updates.
Kindly refer to the following URLs:
- wkhtmltopdf – Highly critical – Unsupported – SA-CONTRIB-2024-049: https://www.drupal.org/sa-contrib-2024-049
- Facets – Critical – Cross Site Scripting – SA-CONTRIB-2024-047: https://www.drupal.org/sa-contrib-2024-047
- Gutenberg – Moderately critical – Cross Site Request Forgery – SA-CONTRIB-2024-048: https://www.drupal.org/sa-contrib-2024-048
- Block permissions – Moderately critical – Access bypass – SA-CONTRIB-2024-046: https://www.drupal.org/sa-contrib-2024-046
- Monster Menus – Moderately critical – Access bypass, Information Disclosure – SA-CONTRIB-2024-045: https://www.drupal.org/sa-contrib-2024-045
Generally, Cyber999 advises users of this device to stay up to date with the latest security announcements by the vendor and to follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact Cyber999 through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 - 17:30 MYT
Web: https://www.mycert.org.my
5.0 References