SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider - Moderately critical - Multiple vulnerabilities - SA-CONTRIB-2021-036

Date: 2021-September-22

This module provides a solution to authenticate visitors using existing SAML providers.

Certain non-default configurations allow a malicious user to log in as any chosen user.

The vulnerability is mitigated by the module's default settings which require the options "Either sign SAML assertions" and "x509 certificate".

Taxonomy Manager - Moderately critical - Access bypass - SA-CONTRIB-2021-035

Date: 2021-September-22

This module provides a powerful interface for managing a taxonomy vocabulary. A vocabulary gets displayed in a dynamic tree view, where parent terms can be expanded to list their nested child terms or can be collapsed.

The module does not take the correct user permissions into account, allowing an attacker to delete and move terms.

The issue is mitigated by the fact that an attacker must have permission to create terms in the targeted vocabulary.

Search API attachments - Critical - Arbitrary PHP code execution - SA-CONTRIB-2021-034

Date: 2021-September-22

This module enables you to extract the textual content of files for use on a website, e.g. to display it or use it in search indexes.

The module doesn't sufficiently protect the administrator-defined commands that are executed on the server, which leads to post-authentication remote code execution by a limited set of users.

File Extractor - Critical - Arbitrary PHP code execution - SA-CONTRIB-2021-033

Date: 2021-September-22

This module enables you to extract the textual content of files for use on a website, e.g. to display it or use it in search indexes.

The module doesn't sufficiently protect the administrator-defined commands that are executed on the server, which leads to post-authentication remote code execution by a limited set of users.

Commerce Core - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2021-032

Date: 2021-September-22

This module provides a system for building an ecommerce solution on a Drupal site.

The module doesn't sufficiently verify access to profile data in certain circumstances.

This vulnerability is mitigated by the fact that an attacker must have permission to perform the checkout operation.

Client-side Hierarchical Select - Moderately critical - Cross-site scripting - SA-CONTRIB-2021-031

Date: 2021-September-22

The module provides a field widget for selecting taxonomy terms in a hierarchical fashion.

The module doesn't sanitize user input in certain cases, leading to a possible Cross-Site-Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with permission to create or edit taxonomy terms to which the widget may apply.

User hash - Moderately critical - Cache poisoning - SA-CONTRIB-2021-030

Date: 2021-September-22

This module enables you to create an individual hash for each user. These hashes can be used for authentication instead of the user's password, e.g. for views exporters.

The module doesn't sufficiently invalidate page output when the page_cache module is used.

This vulnerability is mitigated by the fact that an attacker must have a user hash that grants access to specific content and the attack must be timed to the reset of the page cache.

GraphQL - Moderately critical - Access bypass - SA-CONTRIB-2021-029

Date: 2021-September-15
CVE IDs: CVE-2020-13675

This advisory addresses a similar issue to Drupal core - Moderately critical - Access bypass - SA-CORE-2021-008.

The GraphQL module allows file uploads through its HTTP API. The module does not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site.

This vulnerability is mitigated by four factors:

Entity Embed - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2021-028

Date: 2021-September-15
CVE IDs: CVE-2020-13673

This advisory addresses a similar issue to Drupal core - Moderately critical - Cross Site Request Forgery - SA-CORE-2021-006.

The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to cross-site scripting.

Drupal core - Moderately critical - Access Bypass - SA-CORE-2021-010

Date: 2021-September-15
CVE IDs: CVE-2020-13677

Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass.

Sites that do not have the JSON:API module enabled are not affected.

This advisory is not covered by Drupal Steward.
