[Security-news] Cache Utility - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-019

security-news at drupal.org
Wed Feb 26 18:35:12 UTC 2025


View online: https://www.drupal.org/sa-contrib-2025-019

Project: Cache Utility [1]
Date: 2025-February-26
Security risk: *Moderately critical* 13 ∕ 25
AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Cross Site Request Forgery

Affected versions: <1.2.1 || >=1.3.0 <1.3.0
Description: 
The Cache Utility module provides the ability to view the status of various
caches and to flush them.

The module doesn't sufficiently protect against Cross Site Request Forgery
(CSRF) attacks, because it does not sufficiently validate user identity and
intent when flushing a cache.

Solution: 
Install the latest version:

  * If you use the Cache Utility module for Drupal 1.2.x, upgrade to Cache
    Utility 1.2.1 [3]
  * If you use the Cache Utility module for Drupal 1.x, you can also upgrade
    to Cache Utility 1.3.0 [4]

Reported By: 
  * Pierre Rudloff (prudloff) [5]

Fixed By: 
  * cyoun [6]

Coordinated By: 
  * Greg Knaddison (greggles) [7] of the Drupal Security Team


[1] https://www.drupal.org/project/cache_utility
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/cache_utility/releases/1.2.1
[4] https://www.drupal.org/project/cache_utility/releases/1.3.0
[5] https://www.drupal.org/u/prudloff
[6] https://www.drupal.org/u/cyoun
[7] https://www.drupal.org/u/greggles


