Examples For Developers
Monthly
Missing Authorization in Drupal's Examples for Developers module (versions 0.0.0 through 4.0.5) permits forceful browsing by an already highly-privileged authenticated attacker, exposing restricted paths with limited confidentiality and integrity impact. All available signals converge on minimal real-world risk: CVSS scores 3.3 (Low), EPSS sits at 0.14% (4th percentile), SSVC reports no known exploitation and non-automatable attack conditions, and neither active exploitation nor public proof-of-concept code has been identified. A vendor patch is available at version 4.0.6.
Missing Authorization in Drupal's Examples for Developers module (versions 0.0.0 through 4.0.5) permits forceful browsing by an already highly-privileged authenticated attacker, exposing restricted paths with limited confidentiality and integrity impact. All available signals converge on minimal real-world risk: CVSS scores 3.3 (Low), EPSS sits at 0.14% (4th percentile), SSVC reports no known exploitation and non-automatable attack conditions, and neither active exploitation nor public proof-of-concept code has been identified. A vendor patch is available at version 4.0.6.