Contrib.social

Drupal SA's missing CVE ID's

Open on Drupal.org β†’
Created on 2 September 2024, 6 months ago

Problem/Motivation

Several Drupal Core SA's are missing a CVE ID.

Several I was unable to locate any CVE ID for, one I believe I located an ID however it was not added to the SA on D.O.

Steps to reproduce

Proposed resolution

Update CVE ID's for the following issues. Note the DST should validate these are the correct CVE ID's.
SA-CORE-2023-005: CVE-2023-31250

Consider publication of a CVE for the following issues.
SA-CORE-2024-001
SA-CORE-2023-004
SA-CORE-2023-003
SA-CORE-2023-002
SA-CORE-2023-001

Remaining tasks

Publish CVE's as needed
Update CVE records.
Validate if any other entries are missing a CVE ID.

User interface changes

None

API changes

None

Data model changes

None

πŸ› Bug report
Status

Active

Version

1.0

Component

Documentation

Created by

πŸ‡ΊπŸ‡ΈUnited States cmlara

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @cmlara
  • Comment about 1 month ago β†’
    πŸ‡ΊπŸ‡ΈUnited States greggles Denver, Colorado, USA

    I updated the advisory for 2025-005 to point to that CVE.

    2024-001 is CVE-2024-11941 and now points to it.

    @cmlara are you willing to research the CWE and CAPEC for these?

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024