CVE-2023-31250 - Incorrect Authorization vulnerability in Drupal

047910
CVSS 6.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, drupal, CWE-863

Summary

The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.

Vulnerable Configurations

Part          Description   Count
Application   Drupal        150

Common Weakness Enumeration (CWE)