Drupal SA's missing CVE ID's

Created on 2 September 2024, 7 months ago

Several Drupal Core SA's are missing a CVE ID.

Several I was unable to locate any CVE ID for, one I believe I located an ID however it was not added to the SA on D.O.

Update CVE ID's for the following issues. Note the DST should validate these are the correct CVE ID's.
SA-CORE-2023-005: CVE-2023-31250

Consider publication of a CVE for the following issues.
SA-CORE-2024-001
SA-CORE-2023-004
SA-CORE-2023-003
SA-CORE-2023-002
SA-CORE-2023-001

Publish CVE's as needed
Update CVE records.
Validate if any other entries are missing a CVE ID.

None

None

None

🐛 Bug report

Status

Active

Version

1.0

Component

Documentation

Created by

🇺🇸United States cmlara

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @cmlara
Comment 3 months ago →
🇺🇸United States greggles Denver, Colorado, USA
I updated the advisory for 2025-005 to point to that CVE.

2024-001 is CVE-2024-11941 and now points to it.

@cmlara are you willing to research the CWE and CAPEC for these?
Status changed to Fixed 11 days ago10:44pm 31 March 2025
Comment 11 days ago →
🇺🇸United States greggles Denver, Colorado, USA
I updated the one.

There are many advisories from the past that are missing a CVE, but that feels beyond the scope of this issue, so adjusting the issue summary and marking as fixed.

Production build 0.71.5 2024