PT-2025-13842 · Drupal · Drupal Ai

Andrew Belcher

+6

·

Publicado

2025-03-31

·

Atualizado

2025-06-04

·

CVE-2025-31678

CVSS v3.1

8.2

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Name of the Vulnerable Software and Affected Versions Drupal AI (Artificial Intelligence) versions 0.0.0 through 1.0.2
Description The issue is related to a Missing Authorization vulnerability, which allows Forceful Browsing in Drupal AI (Artificial Intelligence).
Recommendations For versions 0.0.0 through 1.0.2, update to version 1.0.3 or later to resolve the issue.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2025-31678
DRUPAL-CONTRIB-2025-004
GHSA-C8Q6-WP7V-46R9

Produtos afetados

Drupal Ai