Show advisories for only Drupal Core, only contributed projects, or only PSAs

Vocabulary Permissions Per Role - Critical - Access bypass - SA-CONTRIB-2022-016

Date: 
2022-January-25
Security risk: 
Critical 17 ∕ 25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:Default

Update
Maintainers stepped forward, fixed the security issue, and Vocabulary Permissions Per Role is supported again.

The module allows adding to/editing terms of/removing terms from vocabularies per role.

The module did not properly check access for certain operations allowing an unauthorized malicious user to view, modify and delete terms.

Exif - Critical - Remote code execution - SA-CONTRIB-2022-015

Date: 
2022-January-25
Security risk: 
Critical 18 ∕ 25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:All

This module enables you to automatically scan images uploaded to the site to extract their meta data and store it in taxonomy structures.

The module doesn't sufficiently protect against malicious files being used to attack the site.

This vulnerability is mitigated by the fact that an attacker must have permission to upload images to the site.

Business Responsive Theme - Critical - Unsupported - SA-CONTRIB-2022-013

Date: 
2022-January-25
Security risk: 
Critical 15 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Swiftype integration - Critical - Unsupported - SA-CONTRIB-2022-012

Date: 
2022-January-25
Security risk: 
Critical 15 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Navbar - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-011

Date: 
2022-January-25
Security risk: 
Moderately critical 13 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default

This module provides a very simple, mobile-friendly navigation toolbar.

The module doesn't sufficiently check for user-provided input.

This vulnerability is mitigated by the fact that an attacker must have the ability to post content using a text format (like the default "Filtered HTML" format) that won't filter out the exploit code.

Rate - Critical - Unsupported - SA-CONTRIB-2022-010

Date: 
2022-January-25
Security risk: 
Critical 15 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All

2022-01-31 - a new maintainer has step forward and this module has been updated.

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Expire reset password link - Critical - Unsupported - SA-CONTRIB-2022-009

Date: 
2022-January-25
Security risk: 
Critical 15 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Admin Toolbar Search - Critical - Unsupported - SA-CONTRIB-2022-008

Date: 
2022-January-25
Security risk: 
Critical 15 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Colorbox - Critical - Unsupported - SA-CONTRIB-2022-007

Date: 
2022-January-25
Security risk: 
Critical 15 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All

Updated 2022-02-02: New maintainers have volunteered for the project and created new releases which includes fixes for the security issues that caused the module to be unsupported.

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Taxonomy Access Control Lite - Critical - Unsupported - SA-CONTRIB-2022-006

Date: 
2022-January-25
Security risk: 
Critical 15 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All

Update 2022-03-01. New maintainers have volunteered for the project and created a new release which includes fixes for the 3 security issues that caused the module to be unsupported.

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Pages

Subscribe with RSS Subscribe to Security advisories