Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002

Date: 2021-April-21
CVE IDs: CVE-2020-13672

Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances.

Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this release as soon as possible.

Fast Autocomplete - Moderately critical - Access bypass - SA-CONTRIB-2021-005

Date: 2021-March-17

The Fast Autocomplete module provides fast, IMDB-like suggestions below a text input field. Suggestions are stored as JSON files in the public files folder so that they can be served to the browser relatively quickly, without Drupal needing to be bootstrapped.

The module doesn't correctly generate certain hashes when the configuration option "Perform search as anonymous user only" is switched from its default value (on) to off.

Webform - Moderately critical - Access bypass - SA-CONTRIB-2021-004

Date: 2021-March-03

The Webform module for Drupal 8/9 includes a default Contact webform, which sends a notification email to the site owner and a confirmation email to the email address supplied via the form.

The confirmation email can be used as an open mail relay to send an email to any email address.

Subgroup - Less critical - Access bypass - SA-CONTRIB-2021-003

Date: 2021-January-27

This module enables you to add groups to other groups in a tree structure where access can be inherited up or down the tree.

When you configure Subgroup with a tree of at least three levels, users may inadvertently receive permissions in a group that is an uncle or cousin of the source group, rather than a direct ancestor or descendant. Trees that have multiple nodes only at the lowest tier (or nowhere at all) are unaffected.

Open Social - Moderately critical - Access bypass - SA-CONTRIB-2021-002

Date: 2021-January-27

The Social User Export module enables users within Open Social to create an export of users and download this to a CSV file.

The module doesn't sufficiently check access when building the CSV file, allowing logged-in users without the "manage members" permission to export all data of a selected user in certain scenarios.

This vulnerability is mitigated by the fact that an attacker must have the authenticated user role and the site must be configured such that a logged-in user is able to export users.

Open Social - Moderately critical - Access bypass - SA-CONTRIB-2021-001

Date: 2021-January-27

The optional Social Auth Extra module enables you to use the single sign-on methods provided by Open Social (e.g. Facebook, LinkedIn, Google and Twitter).

The module doesn't implement a proper cache strategy for anonymous users, allowing the registration form to be cached together with disclosed information in certain scenarios. That information is normally available only to logged-in users of the community.

Drupal core - Critical - Third-party libraries - SA-CORE-2021-001

Date: 2021-January-20

The Drupal project uses the PEAR Archive_Tar library, which has released a security update that impacts Drupal. For more information please see:

Exploits may be possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.

Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013

Date: 2020-November-25
CVE IDs: CVE-2020-28949, CVE-2020-28948

The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see:

SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-038

Date: 2020-November-18

This module enables users residing at a SAML 2.0 compliant Identity Provider to log in to your Drupal website.

The module has two authentication bypass vulnerabilities.
