[Security-news] HTTP Client Manager - Less critical - Information disclosure - SA-CONTRIB-2025-126
security-news at drupal.org
security-news at drupal.org
Wed Dec 17 17:47:14 UTC 2025
View online: https://www.drupal.org/sa-contrib-2025-126
Project: HTTP Client Manager [1]
Date: 2025-December-17
Security risk: *Less critical* 8 ∕ 25
AC:Complex/A:User/CI:Some/II:None/E:Theoretical/TD:Uncommon [2]
Vulnerability: Information disclosure
Affected versions: <9.3.13 || >=10.0.0 <10.0.2 || >=11.0.0 <11.0.1
CVE IDs: CVE-2025-14840
Description:
Http Client Manager introduces a new Guzzle based plugin which allows you to
manage HTTP clients using Guzzle Service Descriptions via YAML, JSON or PHP
files, in a simple and efficient way. The modules allows administrators to
configure HTTP requests as part of Event Condition Action (ECA) automation.
The module does not sufficiently maintain separation of data from request
operations, potentially leading to information disclosure in very uncommon
situations.
Solution:
Install the latest version:
* If you use the Http Client Manager module 9.3.x, upgrade to Http Client
Manager 9.3.13 [3]
* If you use the Http Client Manager module 10.0.x, upgrade to Http Client
Manager 10.0.2 [4]
* If you use the Http Client Manager module 11.0.x, upgrade to Http Client
Manager 11.0.1 [5]
Reported By:
* mxh [6]
Fixed By:
* Adriano Cori (aronne) [7]
* mxh [8]
Coordinated By:
* Greg Knaddison (greggles) [9] of the Drupal Security Team
* Juraj Nemec (poker10) [10] of the Drupal Security Team
------------------------------------------------------------------------------
Contribution record [11]
[1] https://www.drupal.org/project/http_client_manager
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/http_client_manager/releases/9.3.13
[4] https://www.drupal.org/project/http_client_manager/releases/10.0.2
[5] https://www.drupal.org/project/http_client_manager/releases/11.0.1
[6] https://www.drupal.org/u/mxh
[7] https://www.drupal.org/u/aronne
[8] https://www.drupal.org/u/mxh
[9] https://www.drupal.org/u/greggles
[10] https://www.drupal.org/u/poker10
[11]
https://new.drupal.org/contribution-record?source_link=https%3A//www.drupal.org/node/3563748
More information about the Security-news
mailing list