Printer, email and PDF versions - Highly critical - Remote Code Execution - SA-CONTRIB-2018-063

Date: 2018-October-03

This module provides printer-friendly versions of content, including send by e-mail and PDF versions.

The module doesn't sufficiently sanitize the arguments passed to the wkhtmltopdf executable, allowing a remote attacker to execute arbitrary shell commands. It also doesn't sufficiently sanitize the HTML content passed to dompdf, allowing a privileged attacker to execute arbitrary PHP code.

Commerce Klarna Checkout - Moderately critical - Access bypass - SA-CONTRIB-2018-062

Date: 2018-September-26

The Commerce Klarna Checkout module enables you to accept payments from the Klarna Checkout payment provider.

The module doesn't sufficiently validate the payment callback made by Klarna. An attacker could bypass the payment step.

Taxonomy File Tree - Moderately critical - Access bypass - SA-CONTRIB-2018-061

Date: 2018-September-26

Taxonomy File Tree allows site managers to create file trees.

For files managed as Drupal files, the module does not properly check that a user has access to a file before letting the user download the file.

This vulnerability only affects sites that use private files.

Renderkit - Moderately critical - Access bypass - SA-CONTRIB-2018-060

Date: 2018-September-19

This module, typically in combination with cfr:cfrplugin, allows composing behaviors from granular components. One such behavior displays a list of related entities for a given source entity and a given entity relation (e.g. an entity reference field).

The components that display related content do not check whether the user has access to view the related entities. As a result, unpublished nodes, for example, may be displayed to anonymous visitors.

Fraction - Less critical - XSS vulnerability - SA-CONTRIB-2018-059

Date: 2018-September-05

This module enables you to create fields for storing decimal values as two integers (numerator and denominator) for maximum precision.

The module doesn't sufficiently filter XSS strings out of field labels.

This vulnerability is mitigated by the fact that an attacker must have a role with the ability to manage field configuration.

Commerce Core - Moderately critical - Access bypass - SA-CONTRIB-2018-057

Date: 2018-August-29

This module enables you to build eCommerce websites and applications with Drupal.

The module doesn't sufficiently check access for some of its entity types.

File (Field) Paths - Critical - Remote Code Execution - SA-CONTRIB-2018-056

Date: 2018-August-15

This module enables you to automatically sort and rename your uploaded files using token-based replacement patterns to maintain a clean filesystem.

The module doesn't sufficiently sanitize the path while a new file is being uploaded, allowing a remote attacker to execute arbitrary PHP code.

This vulnerability is mitigated by the fact that an attacker must have access to a form containing a widget processed by this module.

PHP Configuration - Critical - Arbitrary PHP code execution - SA-CONTRIB-2018-055

Date: 2018-August-08

This module enables you to add or overwrite PHP configuration on a Drupal website.

The module doesn't sufficiently control access to setting these configurations, leading to arbitrary PHP configuration execution by an attacker.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer phpconfig".

After updating the module, review the permissions of your website; if the 'administer phpconfig' permission is granted to a user role that is not fully trusted, we advise revoking it.

Drupal Core - 3rd-party libraries - SA-CORE-2018-005

  • Advisory ID: DRUPAL-SA-CORE-2018-005
  • Project: Drupal core
  • Version: 8.x
  • CVE: CVE-2018-14773
  • Date: 2018-August-01
