CNNVD-202511-2034 Information
CNNVD ID
CNNVD-202511-2034
Related CVE
- CNNVD Published: 2025-11-18
Description (Chinese)
Drupal core是Drupal社区的一套用PHP语言开发的免费、开源的内容管理系统。 Drupal core 10.4.9之前版本、10.5.0版本至10.5.6之前版本、11.0.0版本至11.1.9之前版本和11.2.0版本至11.2.8之前版本存在安全漏洞,该漏洞源于使用包含敏感信息的浏览器缓存,可能导致利用错误配置的访问控制安全级别。
Description (English)
Drupal core is a free, open-source content management system developed in the PHP language in the Drupal community. There is a security loophole in previous versions of Drupal core 10.4.9, Version 10.5.0 to previous versions 10.5.6, Version 11.0.0 to pre-version 11.1.9 and Version 11.2.0 to pre-version 11.2.8, which arises from the use of a browser cache containing sensitive information, which may lead to access control security levels using an error configuration.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Drupal
Published
2025-11-18
Last Modified
2026-02-24
References
https://www.drupal.org/sa-core-2025-008 https://vigilance.fr/vulnerability/Drupal-Core-information-disclosure-via-System-Module-48765
Patch
https://www.drupal.org/project/drupal/releases
Share on: