Drupal has released an update to address a vulnerability that may allow a remote attacker to modify information. CU Boulder’s www.colorado.edu and sites on the Web Express service are not affected as they are on version 7.x.
Drupal core 8.x versions prior to 8.2.8 and 8.3.1
Upgrade to Drupal core 8.2.8 or 8.3.1
Drupal Core - Critical - Access Bypass - SA-CORE-2017-002
Additional information about this vulnerability can be viewed at:
If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or email@example.com. IT Service Center Hours: https://oit.colorado.edu/support/it-service-center.
OIT has defined the following categories to describe the severity of security risks:
URGENT severity represents a broad threat to the entire campus community.
SEVERE severity included remote exploits and worms.
IMPORTANT severity includes virus and local exploits for commonly used services.