Casey

**Name of the Vulnerable Software and Affected Versions** OhDear Integration versions 0.0.0 through 2.0.3 **Description** The issue is related to incorrect authorization in the OhDear Integration module for Drupal, allowing forceful browsing. This can enable a remote attacker to access confidential information. **Recommendations** For OhDear Integration versions 0.0.0 through 2.0.3, update to version 2.0.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Drupal versions 8.2.x before 8.2.7 **Description** The issue arises when adding a private file via the editor, where the editor fails to correctly check access for the attached file, leading to an access bypass. **Recommendations** For versions 8.2.x before 8.2.7, update to version 8.2.7 or later to resolve the issue.