Show advisories for only Drupal Core, only contributed projects, or only PSAs

TableField - Moderately critical - Access bypass - SA-CONTRIB-2019-067

Date: 
2019-September-18
Security risk: 
Moderately critical 12 ∕ 25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:Default

This module allows you to attach tabular data to an entity.

There is insufficient access checking for users with the ability to "Export Tablefield Data as CSV". They can export data from unpublished nodes or otherwise inaccessible entities.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Export Tablefield Data as CSV".

Create user permission - Critical - Access bypass - SA-CONTRIB-2019-066

Date: 
2019-September-18
Security risk: 
Critical 15 ∕ 25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default

This module enables you to have a separate permission only for creating users.

The module doesn't respect Drupal's setting for "Who can register accounts?" when set to "Visitors, but administrator approval is required".

When this option is chosen, the module overrides the setting, and makes it possible to register accounts with no approval.

This vulnerability can be mitigated by having other settings in place for account registration, such as requiring email verification for new accounts, or permitting account creation for "Administrators only".

Various Third-Party Vulnerabilities - PSA-2019-09-04

Date: 
2019-September-04

In June of 2011, the Drupal Security Team issued Public Service Advisory PSA-2011-002 - External libraries and plugins.

8 years later that is still the policy of the Drupal Security team. As Drupal core and modules leverage third-party code more and more it seems like an important time to remind site owners that they are responsible for monitoring security of third-party libraries. Here is the advice from 2011 which is even more relevant today:

Imagecache External - Critical - Insecure session token management - SA-CONTRIB-2019-065

Date: 
2019-August-21
Security risk: 
Critical 15 ∕ 25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:All

This module that allows you to store external images on your server and apply your own Image Styles.

The module exposes cookies to external sites when making external image requests.

This vulnerability is mitigated by using the whitelisted host feature to restrict external image requests from trusted sources.

Forms Steps - Critical - Access bypass - SA-CONTRIB-2019-064

Date: 
2019-August-14
Security risk: 
Critical 16 ∕ 25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All

Forms Steps provides an UI to create form workflows using form modes. It creates quick and configurable multisteps forms.

The module doesn't sufficiently check user permissions to access its workflows entities that allows to see any entities that have been created through the different steps of its multistep forms.

This vulnerability is mitigated by the fact that you have to know the Forms Steps URL to create a content linked to the flow. Also, all created content is very hard to edit through the same flow as you have to know the URL and the linked hash to the content.

External Links Filter - Moderately critical - Open Redirect Vulnerability - SA-CONTRIB-2019-063

Date: 
2019-August-14
Security risk: 
Moderately critical 10 ∕ 25 AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:All

The External Link Filter module provides an input filter that replaces external links by a local link that redirects to the target URL.

The module did not have protection for the Redirect URL to go where content authors intended.

Super Login - Moderately critical - Cross site scripting - SA-CONTRIB-2019-062

Date: 
2019-August-14
Security risk: 
Moderately critical 13 ∕ 25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All

This module improves the Drupal login page with the new features and layout.

The module doesn't sufficiently filter input text in the administration pages text configuration inputs. For example, the login text field.

The vulnerability is mitigated by the fact it can only be exploited by a user with the "Administer super login" permission.

scroll to top - Moderately critical - Cross site scripting - SA-CONTRIB-2019-061

Date: 
2019-August-14
Security risk: 
Moderately critical 13 ∕ 25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All

The Scroll To Top module enables you to have an animated scroll to top link in the bottom of the node.

The module does not sufficiently filter configuration text leading to a Cross Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer scroll to top".

Existing Values Autocomplete Widget - Critical - Access bypass - SA-CONTRIB-2019-060

Date: 
2019-July-24
Security risk: 
Critical 17 ∕ 25 AC:None/A:None/CI:All/II:None/E:Theoretical/TD:All

This module provides an autocomplete widget for text fields that suggests all existing (previously entered) values for that field.

The module doesn't sufficiently check for proper access permission before returning autocomplete results.

This vulnerability is mitigated by the fact that an attacker must know the route to the autocomplete callback controller though this is easily known.

Facebook Messenger Customer Chat Plugin - Critical - Access bypass - SA-CONTRIB-2019-059

Date: 
2019-July-24
Security risk: 
Critical 16 ∕ 25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All

The Facebook Messenger Customer Chat Plugin module enables you to add the Facebook Messenger Customer Chat Plugin to your Drupal site.

The module doesn't require user permissions on the admin page.

Pages

Subscribe with RSS Subscribe to Security advisories