GHSA-mhpg-hpj5-73r2

Suggest an improvement
Source
https://github.com/advisories/GHSA-mhpg-hpj5-73r2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-mhpg-hpj5-73r2/GHSA-mhpg-hpj5-73r2.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-mhpg-hpj5-73r2
Aliases
  • CVE-2025-13083
Published
2025-11-18T18:32:53Z
Modified
2025-11-20T10:42:44.854328Z
Severity
  • 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
  • 1.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
Summary
Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels
Details

Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

Database specific 
{
    "github_reviewed_at": "2025-11-18T21:56:20Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-525"
    ],
    "nvd_published_at": "2025-11-18T17:15:59Z",
    "severity": "LOW"
}
References

Affected packages

Packagist / drupal/core

Package

Name
drupal/core
Purl
pkg:composer/drupal/core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0.0
Fixed
10.4.9

Affected versions

8.*

8.0.0
8.0.1
8.0.2
8.0.3
8.0.4
8.0.5
8.0.6
8.1.0-beta1
8.1.0-beta2
8.1.0-rc1
8.1.0
8.1.1
8.1.2
8.1.3
8.1.4
8.1.5
8.1.6
8.1.7
8.1.8
8.1.9
8.1.10
8.2.0-beta1
8.2.0-beta2
8.2.0-beta3
8.2.0-rc1
8.2.0-rc2
8.2.0
8.2.1
8.2.2
8.2.3
8.2.4
8.2.5
8.2.6
8.2.7
8.2.8
8.3.0-alpha1
8.3.0-beta1
8.3.0-rc1
8.3.0-rc2
8.3.0
8.3.1
8.3.2
8.3.3
8.3.4
8.3.5
8.3.6
8.3.7
8.3.8
8.3.9
8.4.0-alpha1
8.4.0-beta1
8.4.0-rc1
8.4.0-rc2
8.4.0
8.4.1
8.4.2
8.4.3
8.4.4
8.4.5
8.4.6
8.4.7
8.4.8
8.5.0-alpha1
8.5.0-beta1
8.5.0-rc1
8.5.0
8.5.1
8.5.2
8.5.3
8.5.4
8.5.5
8.5.6
8.5.7
8.5.8
8.5.9
8.5.10
8.5.11
8.5.12
8.5.13
8.5.14
8.5.15
8.6.0-alpha1
8.6.0-beta1
8.6.0-beta2
8.6.0-rc1
8.6.0
8.6.1
8.6.2
8.6.3
8.6.4
8.6.5
8.6.6
8.6.7
8.6.8
8.6.9
8.6.10
8.6.11
8.6.12
8.6.13
8.6.14
8.6.15
8.6.16
8.6.17
8.6.18
8.7.0-alpha1
8.7.0-alpha2
8.7.0-beta1
8.7.0-beta2
8.7.0-rc1
8.7.0
8.7.1
8.7.2
8.7.3
8.7.4
8.7.5
8.7.6
8.7.7
8.7.8
8.7.9
8.7.10
8.7.11
8.7.12
8.7.13
8.7.14
8.8.0-alpha1
8.8.0-beta1
8.8.0-rc1
8.8.0
8.8.1
8.8.2
8.8.3
8.8.4
8.8.5
8.8.6
8.8.7
8.8.8
8.8.9
8.8.10
8.8.11
8.8.12
8.9.0-beta1
8.9.0-beta2
8.9.0-beta3
8.9.0-rc1
8.9.0
8.9.1
8.9.2
8.9.3
8.9.4
8.9.5
8.9.6
8.9.7
8.9.8
8.9.9
8.9.10
8.9.11
8.9.12
8.9.13
8.9.14
8.9.15
8.9.16
8.9.17
8.9.18
8.9.19
8.9.20

9.*

9.0.0-alpha1
9.0.0-alpha2
9.0.0-beta1
9.0.0-beta2
9.0.0-beta3
9.0.0-rc1
9.0.0
9.0.1
9.0.2
9.0.3
9.0.4
9.0.5
9.0.6
9.0.7
9.0.8
9.0.9
9.0.10
9.0.11
9.0.12
9.0.13
9.0.14
9.1.0-alpha1
9.1.0-beta1
9.1.0-rc1
9.1.0-rc2
9.1.0-rc3
9.1.0
9.1.1
9.1.2
9.1.3
9.1.4
9.1.5
9.1.6
9.1.7
9.1.8
9.1.9
9.1.10
9.1.11
9.1.12
9.1.13
9.1.14
9.1.15
9.2.0-alpha1
9.2.0-beta1
9.2.0-beta2
9.2.0-beta3
9.2.0-rc1
9.2.0
9.2.1
9.2.2
9.2.3
9.2.4
9.2.5
9.2.6
9.2.7
9.2.8
9.2.9
9.2.10
9.2.11
9.2.12
9.2.13
9.2.14
9.2.15
9.2.16
9.2.17
9.2.18
9.2.19
9.2.20
9.2.21
9.3.0-alpha1
9.3.0-beta1
9.3.0-beta2
9.3.0-beta3
9.3.0-rc1
9.3.0
9.3.1
9.3.2
9.3.3
9.3.4
9.3.5
9.3.6
9.3.7
9.3.8
9.3.9
9.3.10
9.3.11
9.3.12
9.3.13
9.3.14
9.3.15
9.3.16
9.3.17
9.3.18
9.3.19
9.3.20
9.3.21
9.3.22
9.4.0-alpha1
9.4.0-beta1
9.4.0-rc1
9.4.0-rc2
9.4.0
9.4.1
9.4.2
9.4.3
9.4.4
9.4.5
9.4.6
9.4.7
9.4.8
9.4.9
9.4.10
9.4.11
9.4.12
9.4.13
9.4.14
9.4.15
9.5.0-beta1
9.5.0-beta2
9.5.0-rc1
9.5.0-rc2
9.5.0
9.5.1
9.5.2
9.5.3
9.5.4
9.5.5
9.5.6
9.5.7
9.5.8
9.5.9
9.5.10
9.5.11

10.*

10.0.0-alpha1
10.0.0-alpha2
10.0.0-alpha3
10.0.0-alpha4
10.0.0-alpha5
10.0.0-alpha6
10.0.0-alpha7
10.0.0-beta1
10.0.0-beta2
10.0.0-rc1
10.0.0-rc2
10.0.0-rc3
10.0.0
10.0.1
10.0.2
10.0.3
10.0.4
10.0.5
10.0.6
10.0.7
10.0.8
10.0.9
10.0.10
10.0.11
10.1.0-alpha1
10.1.0-beta1
10.1.0-rc1
10.1.0
10.1.1
10.1.2
10.1.3
10.1.4
10.1.5
10.1.6
10.1.7
10.1.8
10.2.0-alpha1
10.2.0-beta1
10.2.0-rc1
10.2.0
10.2.1
10.2.2
10.2.3
10.2.4
10.2.5
10.2.6
10.2.7
10.2.8
10.2.9
10.2.10
10.2.11
10.2.12
10.3.0-beta1
10.3.0-rc1
10.3.0
10.3.1
10.3.2
10.3.3
10.3.4
10.3.5
10.3.6
10.3.7
10.3.8
10.3.9
10.3.10
10.3.11
10.3.12
10.3.13
10.3.14
10.4.0-beta1
10.4.0-rc1
10.4.0
10.4.1
10.4.2
10.4.3
10.4.4
10.4.5
10.4.6
10.4.7
10.4.8

Packagist / drupal/core

Package

Name
drupal/core
Purl
pkg:composer/drupal/core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10.5.0
Fixed
10.5.6

Affected versions

10.*

10.5.0
10.5.1
10.5.2
10.5.3
10.5.4
10.5.5

Packagist / drupal/core

Package

Name
drupal/core
Purl
pkg:composer/drupal/core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11.0.0
Fixed
11.1.9

Affected versions

11.*

11.0.0
11.0.1
11.0.2
11.0.3
11.0.4
11.0.5
11.0.6
11.0.7
11.0.8
11.0.9
11.0.10
11.0.11
11.0.12
11.0.13
11.1.0-beta1
11.1.0-rc1
11.1.0
11.1.1
11.1.2
11.1.3
11.1.4
11.1.5
11.1.6
11.1.7
11.1.8

Packagist / drupal/core

Package

Name
drupal/core
Purl
pkg:composer/drupal/core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11.2.0
Fixed
11.2.8

Affected versions

11.*

11.2.0
11.2.1
11.2.2
11.2.3
11.2.4
11.2.5
11.2.6
11.2.7