CVE-2023-31250

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-31250

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-31250.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-31250

Aliases

Downstream

UBUNTU-CVE-2023-31250

Published

2023-04-26T19:15:09.197Z

Modified

2026-02-11T13:30:09.777844Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.

References

https://www.drupal.org/sa-core-2023-005

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type: GIT
Repo: https://github.com/drupal/drupal
Events: Introduced

0db8126913ff8f271ef13c24684c0f3402a967f4

Fixed

47c5f228e18b3a26476800c0baa141b56cc9d71d

Introduced

2700c5afb6c3936041db413872eea82dc0bd4fe4

Fixed

13b06fc9c636c051eb1c3349ceb9429a78add4c4

Introduced

497914920385b7016ac9c9367e0198530787adf2

Fixed

d5d2a01bb6de80b202e141278312ab2d376f3c63

Introduced

970c1b5cfa946f683de326a3f252b5371a42186a

Fixed

260b4d16f44ab87794972b3ad3ced896afe640e8

Affected versions

10.*

10.0.0

10.0.1

10.0.2

10.0.4

10.0.5

10.0.6

10.0.7

7.*

7.0

7.1

7.10

7.11

7.12

7.13

7.14

7.15

7.16

7.17

7.18

7.19

7.2

7.20

7.21

7.22

7.23

7.24

7.25

7.26

7.27

7.28

7.29

7.3

7.30

7.31

7.32

7.33

7.34

7.35

7.36

7.37

7.38

7.39

7.4

7.40

7.41

7.42

7.43

7.44

7.5

7.50

7.51

7.52

7.53

7.54

7.55

7.56

7.57

7.58

7.59

7.6

7.60

7.61

7.62

7.63

7.64

7.65

7.66

7.67

7.68

7.69

7.7

7.70

7.71

7.72

7.73

7.74

7.75

7.76

7.77

7.78

7.79

7.8

7.80

7.81

7.82

7.83

7.84

7.85

7.86

7.87

7.88

7.89

7.9

7.90

7.91

7.92

7.93

7.94

7.95

8.*

8.0-alpha10

8.0-alpha11

8.0-alpha12

8.0-alpha13

8.0-alpha2

8.0-alpha3

8.0-alpha4

8.0-alpha5

8.0-alpha6

8.0-alpha7

8.0-alpha8

8.0-alpha9

8.0.0

8.0.0-alpha14

8.0.0-alpha15

8.0.0-beta1

8.0.0-beta10

8.0.0-beta11

8.0.0-beta12

8.0.0-beta13

8.0.0-beta14

8.0.0-beta15

8.0.0-beta16

8.0.0-beta2

8.0.0-beta3

8.0.0-beta4

8.0.0-beta5

8.0.0-beta6

8.0.0-beta7

8.0.0-beta9

8.0.0-rc1

8.0.0-rc2

8.0.0-rc3

8.0.0-rc4

8.1.0-beta1

9.*

9.0.0-alpha1

9.0.0-alpha2

9.4.0

9.4.0-alpha1

9.4.0-beta1

9.4.0-rc1

9.4.0-rc2

9.4.1

9.4.10

9.4.11

9.4.12

9.4.13

9.4.2

9.4.3

9.4.4

9.4.5

9.4.6

9.4.7

9.4.8

9.4.9

9.5.0

9.5.1

9.5.2

9.5.3

9.5.4

9.5.5

9.5.6

9.5.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-31250.json"