Apigee Edge - Moderately critical - Access bypass - SA-CONTRIB-2022-045

Apigee Edge - Moderately critical - Access bypass - SA-CONTRIB-2022-045

Project: Apigee Edge
Date: 2022-May-25
Security risk: Moderately critical 13∕25
Vulnerability: Access bypass

Description

The Apigee Edge module allows connecting a Drupal site to Apigee X / Edge in order to build a developer portal. The developers (user) can view API keys for their respective Apps.

The module discloses information by allowing attackers to view cached information of API Keys from the browser cache for a limited time frame after the user login on the same computer.

Solution

Install the latest version:

If you use the Apigee Edge module version 2.0.x for Drupal 9.x, upgrade to Apigee Edge 2.0.3
If you use the Apigee Edge module version 8.x-1.x for Drupal 9.x, upgrade to Apigee Edge 8.x-1.26

Nick Onom's picture
Nick Onom
Marketing Project Manager
Enthusiastic about all kinds of Open Source applications, AI, bitcoins, but mostly Drupal and Backdrop. For last years has been actively developing AltaGrade's new back-end system.

We value your opinion. Please add your feedback.