Vulnerability from drupal
Published
2022-05-25 17:03
Modified
2023-08-10 21:35
Summary
Details

The Apigee Edge module allows connecting a Drupal site to Apigee X / Edge in order to build a developer portal. The developers (user) can view API keys for their respective Apps.

The module discloses information by allowing attackers to view cached information of API Keys from the browser cache for a limited time frame after the user login on the same computer.

Credits
Dezső BICZÓ www.drupal.org/user/315522
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "affected_versions": "\u003c1.26.0 || \u003e=2.0.0 \u003c2.0.3"
      },
      "package": {
        "ecosystem": "Packagist:https://packages.drupal.org/8",
        "name": "drupal/apigee_edge"
      },
      "ranges": [
        {
          "database_specific": {
            "constraint": "\u003c1.26.0"
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.26.0"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "database_specific": {
            "constraint": "\u003e=2.0.0 \u003c2.0.3"
          },
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "severity": []
    }
  ],
  "aliases": [],
  "credits": [
    {
      "contact": [
        "https://www.drupal.org/user/315522"
      ],
      "name": "Dezs\u0151 BICZ\u00d3"
    }
  ],
  "details": "The Apigee Edge module allows connecting a Drupal site to Apigee X / Edge in order to build a developer portal. The developers (user) can view API keys for their respective Apps.\n\nThe module discloses information by allowing attackers to view cached information of API Keys from the browser cache for a limited time frame after the user login on the same computer.",
  "id": "DRUPAL-CONTRIB-2022-045",
  "modified": "2023-08-10T21:35:00.000Z",
  "published": "2022-05-25T17:03:55.000Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.drupal.org/sa-contrib-2022-045"
    }
  ],
  "schema_version": "1.7.0"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.