Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Project:
Date:
2023-February-01
Vulnerability:
Access bypass
Affected versions:
<1.27.0 || >=2.0.0 <2.0.8
Description:
The Apigee Edge module allows connecting a Drupal site to Apigee X / Edge in order to build a developer portal.
Previous module versions did not support entity query level access checking, which could have led to information disclosure or access bypass in various places.
Solution:
Install the latest version:
- If you use the Apigee Edge module version 2.0.x for Drupal 9.x, upgrade to Apigee Edge 2.0.8
- If you use the Apigee Edge module version 8.x-1.x for Drupal 9.x, upgrade to Apigee Edge 8.x-1.27
Reported By:
Fixed By:
Coordinated By:
- Greg Knaddison of the Drupal Security Team
