Show advisories for only Drupal Core, only contributed projects, or only PSAs

Mailjet - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-062

Date: 
2024-November-20
Security risk: 
Moderately critical 14 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:Uncommon
CVE IDs: 
CVE-2024-13296

This module for Drupal provides complete control of Email settings with Drupal and Mailjet.

In certain cases the module doesn't securely pass data to PHP's unserialize() function, which could result in Remote Code Execution via PHP Object Injection.

This vulnerability is mitigated by the fact that an attack must operate with the permission "administer mailjet module", however this could be the case if this issue were combined with others in an "attack chain".

Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008

Date: 
2024-November-20
Security risk: 
Moderately critical 14 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:Uncommon
CVE IDs: 
CVE-2024-55638

Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.

This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to unserialize(). There are no such known exploits in Drupal core.

Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007

Date: 
2024-November-20
Security risk: 
Moderately critical 14 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:Uncommon
CVE IDs: 
CVE-2024-55637

Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.

This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to unserialize(). There are no such known exploits in Drupal core.

Drupal core - Less critical - Gadget chain - SA-CORE-2024-006

Date: 
2024-November-20
Security risk: 
Less critical 8 ∕ 25 AC:Complex/A:User/CI:None/II:Some/E:Theoretical/TD:Uncommon
CVE IDs: 
CVE-2024-55636

Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Artbitrary File Deletion. It is not directly exploitable.

This issue is mitigated by the fact that in order to be exploitable, a separate vulnerability must be present that allows an attacker to pass unsafe input to unserialize(). There are no such known exploits in Drupal core.

Drupal core - Critical - Cross Site Scripting - SA-CORE-2024-005

Date: 
2024-November-20
Security risk: 
Critical 17 ∕ 25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
CVE IDs: 
CVE-2024-55635

Drupal 7 core's Overlay module doesn't safely handle user input, leading to reflected cross-site scripting under certain circumstances.

Only sites with the Overlay module enabled are affected by this vulnerability.

Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004

Date: 
2024-November-20
Security risk: 
Moderately critical 10 ∕ 25 AC:Basic/A:User/CI:None/II:Some/E:Theoretical/TD:Default
CVE IDs: 
CVE-2024-55634

Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation.

As a result, a user may be able to register with the same email address as another user.

This may lead to data integrity issues.

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003

Date: 
2024-November-20
Security risk: 
Moderately critical 13 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
CVE IDs: 
CVE-2024-12393

Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized.

Node export - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-061

Date: 
2024-November-20
Security risk: 
Moderately critical 14 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:Uncommon
CVE IDs: 
CVE-2024-13295

This module allows users to export nodes and then import it into another Drupal installation, or on the same site.

In certain cases the module doesn't sufficiently sanitize data before passing it to PHP's unserialize() function, which could results in Remote Code Execution via PHP Object Injection.

This vulnerability is mitigated by the fact that an attack must operate with the permission "Use PHP to import nodes", however this could be the case if this issue were combined with others in an "attack chain".

POST File - Critical - Cross Site Scripting, Arbitrary PHP code execution - SA-CONTRIB-2024-060

Date: 
2024-November-13
Security risk: 
Critical 17 ∕ 25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:Default
CVE IDs: 
CVE-2024-13294

The module creates an endpoint on the site at /postfile/upload that accepts a POST request for uploading a single file into a specified file system (public, private, etc).

This module accepts any uploaded file extension, including dangerous file formats so it can be used to bypass the allow_insecure_uploads config.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "postfile upload".

POST File - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-059

Date: 
2024-November-13
Security risk: 
Moderately critical 12 ∕ 25 AC:Complex/A:None/CI:None/II:Some/E:Theoretical/TD:All
CVE IDs: 
CVE-2024-13293

The module creates an endpoint on the site at /postfile/upload that accepts a POST request for uploading a single file into a specified file system (public, private, etc).

The module doesn't sufficiently protect against Cross Site Request Forgery
under allowing an attacker to trick a site user into uploading a file.

Pages

Subscribe with RSS Subscribe to Security advisories