new vulnerability assessment

bcgov / MFIN-Data-Catalogue

The Finance Data Catalogue enables users to discover data holdings at the BC Ministry of Finance and offers information and functionality that benefits consumers of data for business purposes. The product is built using Drupal and adheres to the Government of BC's Core Metadata Standard.

Other

6 stars 0 forks source link

new vulnerability assessment #378

Closed NicoledeGreef closed 4 months ago

NicoledeGreef commented 4 months ago

OP timer

Security Team has posted a Critical vulnerability regarding Drupal: https://www2.gov.bc.ca/assets/download/7C8A249665B14D1BBBFCDFD904E041B2

Please assess in the context of the MFIN Data Catalogue and bcbb. We can discuss mitigation as applicable.

lkmorlan commented 4 months ago

This part is critical:

The module has a logic error when handling sites that upgraded code and did not run the Drupal update process (e.g. update.php).

We have always run the updates, so this is not a problem.