Get in Touch
Indiscriminate, opportunistic targeting.
Drupal has released patches to address a critical vulnerability impacting some older versions. A cyber attacker can exploit the vulnerability and take control of the affected system. It’s essential to take immediate action to secure your Drupal-based website.
If the exploitation by the attacker is successful then a threat actor can take control of the system and manipulate it by uploading malicious files to a Drupal site that uses REST or JSON APIs and bypass the file validation process.
Cache poisoning is where the attacker’s aim is to compromise the system, often with the goal of manipulating the data that is served from the cache. It can lead to various security issues including redirecting legitimate traffic to malicious websites, causing service disruption and delivering malicious content.
Drupal versions 8.9.x, 9.1.x, and 9.2.x.
Containment, Mitigations & Remediations
It is strongly recommended that users should take immediate action to fix the vulnerability with the latest versions of Drupal listed below:
- Drupal 10.1, update to Drupal 10.1.4
- Drupal 10.0, update to Drupal 10.0.11
- Drupal 9.5, update to Drupal 9.5.11.
Users are also advised to update all versions of Drupal 9 prior to 9.5 as they are end-of-life. However, Drupal 7 is not affected.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
No attribution to specific threat actors or groups has been identified at the time of writing.
Drupal is a popular open-source management system that runs millions of websites and applications. Drupal core is the main part of Drupal that offers the essential functionalities and features. A successful attacker can control the system upload and delete files leading to a compromise of the site or data. The mitigation has restricted the access administrative permission. Exploit paths for the same vulnerability may allow a user to write Twig templates with contributed and customised code.
TA0002 – Execution
CISA (Drupal Releases Security Advisory to Address Vulnerability in Drupal Core | CISA) issued an alert to encourage users to review the Drupal security advisory and apply the necessary updates as soon as quick.