CVE-2025-47709

EPSS 0.23%

發布日:2025/5/7修改日:2025/12/10

描述

The module enables you to add second-factor authentication in addition to the default Drupal login. The module doesn't sufficiently protect certain sensitive routes, allowing an attacker to view or modify various TFA-related settings.

受影響套件(1)

Packagist/drupal/miniorange_2fafrom 0, < 4.7.0 | >= 5.0.1, < 5.2.0

參考連結(1)

WEBhttps://www.drupal.org/sa-contrib-2025-055