Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029

Date: 
2024-August-07
CVE IDs: 
CVE-2024-13265

The Opigno Learning Path module enables you to manage group content.

Administrative forms allow uploading malicious files which may contain arbitrary code (RCE) or cross site scripting (XSS). These forms were not adequately protected by permissions whose descriptions communicate the severity of the access they grant.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Manage group content in any group".

Opigno module - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-028

Date: 
2024-August-07
CVE IDs: 
CVE-2024-13264

The Opigno module is related to Opigno LMS distribution. It implements the module entity, that is a sub-part of a training.

In the opigno_module module, uploaded files were not sufficiently validated to prevent arbitrary file uploads, which could lead to Remote Code Execution (RCE) and/or Cross Site Scripting (XSS).

This vulnerability is mitigated by the fact that it requires that the attacker have a role with the permission "create opigno tincan activities".

Opigno group manager - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-027

Date: 
2024-August-07
CVE IDs: 
CVE-2024-13263

The Opigno group manager project is related to the Opigno LMS distribution. It allows building the contents of learning paths by combining modules, courses, and other activities, ordering them, and defining conditional rules for the transitions from one step to the next.

An administration form allows execution of arbitrary code.

This issue is mitigated by several factors. First, it requires that the attacker have the permission "update group learning_path". Additionally, it requires several steps and depends on other data in the system being in place.

View Password - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-026

Date: 
2024-July-31
CVE IDs: 
CVE-2024-13262

The View Password module enables you to add a help icon button next to the password input field to toggle the password visibility. The administrative user is allowed to add classes to this icon for styling purposes.

The module doesn't validate the content of classes. A malicious user with access to the View Password Settings Form could add malicious code in the classes field.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer view password".

3rd Party Libraries and Supply Chains - PSA-2024-06-26

Date: 
2024-June-26

Following on from previous PSAs on 3rd Party code in the Drupal ecosystem:

It is the policy of the Drupal Security Team that site owners are responsible for monitoring and maintaining the security of 3rd party libraries.

Acquia DAM - Moderately critical - Cross Site Request Forgery, Denial of Service - SA-CONTRIB-2024-025

Date: 
2024-June-05
CVE IDs: 
CVE-2024-13261

Acquia DAM provides a connection to a third-party asset management system, allowing for images to be managed, linked to, and viewed from Drupal. In order for assets to be managed in Drupal, a site administrator must first authenticate the site to their DAM instance.

Migrate queue importer - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-024

Date: 
2024-May-29
CVE IDs: 
CVE-2024-13260

The Migrate queue importer module enables you to create cron migrations (configuration entities) with a reference towards migration entities in order to import them during cron runs.

The module doesn't sufficiently protect against Cross Site Request Forgery under specific scenarios, allowing an attacker to enable/disable a cron migration.

This vulnerability is mitigated by the fact that an attacker must know the id of the migration.

Image Sizes - Moderately critical - Access bypass - SA-CONTRIB-2024-023

Date: 
2024-May-29
CVE IDs: 
CVE-2024-13259

This module enables you to create responsive image styles that depend on the parent element's width.

The module doesn't sufficiently check access to rendered images, resulting in access bypass vulnerabilities in specific scenarios.

Drupal REST & JSON API Authentication - Moderately critical - Access bypass - SA-CONTRIB-2024-022

Date: 
2024-May-29
CVE IDs: 
CVE-2024-13258

The Drupal REST & JSON API Authentication module restricts and secures unauthorized access to your Drupal site APIs using different authentication methods, including Basic Authentication, API Key Authentication, JWT Authentication, OAuth Authentication, External / Third-Party Provider Authentication, etc.

The module doesn't sufficiently control user access when using Basic Authentication.

Commerce View Receipt - Moderately critical - Access bypass - SA-CONTRIB-2024-021

Date: 
2024-May-22
CVE IDs: 
CVE-2024-13257

The Commerce View Receipts module enables you to view commerce order receipts in the browser.

The module doesn't sufficiently check access permissions, allowing an unauthorised user to view the private information of other customers.
