CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
Percentile
99.7%
Services Basic Authentication module adds HTTP basic authentication for Services module.
A user could get unauthorized access to resources under some circumstances.
This vulnerability is mitigated by the fact that the authentication works correctly when page caching is disabled.
Drupal core is not affected. If you do not use the contributed Services Basic Authentication module, there is nothing you need to do.
Install the latest version:
Also see the Services Basic Authentication project page.
twitter.com/drupalsecurity
www.drupal.org/contact
www.drupal.org/project/services_basic_auth
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/u/klausi
www.drupal.org/u/markpavlitski
www.drupal.org/u/skwashd
www.drupal.org/user/2301194
www.drupal.org/user/36762
www.drupal.org/user/499020
www.drupal.org/user/631814
www.drupal.org/user/82971
www.drupal.org/writing-secure-code