Drupal 9.5.x < 9.5.11 / 10.x < 10.0.11 / 10.1.x < 10.1.4 Drupal Vulnerability (SA-CORE-2023-006)

Language:

Version 1.4 Oct 6, 2023, 5:06 PM CVSSv2 severity (based on CVE-2023-5256, severity increased from "Medium" to "High") CVSSv3 score source (set to "CVE-2023-5256") CVSS metrics ("CVSSv2 score" changed from 5.0 to 7.1. "CVSSv3 vector" changed from "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" to "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H". "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N" to "CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C") Plugin Feed: 202310061706
Version 1.3 Oct 3, 2023, 4:18 PM Detection CVE (set "CVE" coverage to "CVE-2023-5256") CVSS metrics ("CVSSv2 score" set to 5.0. "CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N". "CVSSv3 score" set to 7.5. "CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") CVSSv2 score source (set to "CVE-2023-5256") CVSSv2 severity (based on CVE-2023-5256, severity decreased from "High" to "Medium") CVSSv3 score source (set to "CVE-2023-5256") Plugin Feed: 202310031618
Version 1.2 Oct 2, 2023, 6:07 PM IAVM reference Plugin Feed: 202310021807
Version 1.1 Sep 29, 2023, 2:14 PM IAVM reference STIG Severity (set to "I") Plugin Feed: 202309291414
Version 1.0 Sep 21, 2023, 4:12 AM New Plugin Feed: 202309210412

* Changelogs are generally available for changes made after Nov 1, 2022