Show advisories for only Drupal Core, only contributed projects, or only PSAs

Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005

Date: 
2020-June-17
Security risk: 
Critical 17 ∕ 25 AC:Complex/A:None/CI:All/II:All/E:Theoretical/TD:Uncommon
CVE IDs: 
CVE-2020-13664

Drupal 8 and 9 have a remote code execution vulnerability under certain circumstances.

An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability.

Windows servers are most likely to be affected.

Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004

Date: 
2020-June-17
Security risk: 
Critical 15 ∕ 25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:All
CVE IDs: 
CVE-2020-13663

The Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.

Internationalization - Moderately critical - Cross site scripting - SA-CONTRIB-2020-025

Date: 
2020-June-17
Security risk: 
Moderately critical 14 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All

The Internationalization (i18n) module is a collection of modules to extend Drupal core multilingual capabilities and allows to build real life multilingual sites.

A value in the term translation module is displayed without being escaped leading to a Cross Site Scripting (XSS) vulnerability.

Open ReadSpeaker - Moderately critical - Cross site scripting - SA-CONTRIB-2020-024

Date: 
2020-June-10
Security risk: 
Moderately critical 13 ∕ 25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All

This module enables you to add a configured ReadSpeaker button for text-to-speech for your site visitors.

The module doesn't sufficiently sanitize block configuration causing a Cross Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer blocks".

YubiKey - Less critical - Access bypass - SA-CONTRIB-2020-023

Date: 
2020-June-10
Security risk: 
Less critical 9 ∕ 25 AC:Complex/A:None/CI:None/II:None/E:Theoretical/TD:All

This module enables you to use a Yubikey device to protect your Drupal user account. YubiKey is a secure method for logging into many websites using a cryptographically secure USB token.

The module doesn't sufficiently implement login flood control when the module is configured for YubiKey OTP only. This allows an attacker to attempt many YubiKey OTP codes. However, a brute force attack on this code is not practical in most situations given the length and randomness of the OTP codes.

Services - Moderately critical - Access bypass - SA-CONTRIB-2020-022

Date: 
2020-June-03
Security risk: 
Moderately critical 11 ∕ 25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:All

This module provides a standardized solution for building API's so that external clients can communicate with Drupal.

The module's taxonomy term index resource doesn't take into consideration certain access control tags provided (but unused) by core, that certain contrib modules depend on.

This vulnerability is mitigated by the fact your site must have the taxonomy term index resource enabled, your site must have a contributed module enabled which utilizes taxonomy term access control, and an attacker must know your api endpoint's path.

Password Reset Landing Page (PRLP) - Highly critical - Access bypass - SA-CONTRIB-2020-021

Date: 
2020-May-27
Security risk: 
Highly critical 20 ∕ 25 AC:Basic/A:None/CI:All/II:All/E:Theoretical/TD:All

This module enables you to force a password update when using password reset link.
The module doesn't sufficiently validate the login URL allowing a malicious user to use a specially crafted URL to log in as another user.

Commerce Core - Moderately critical - Access bypass - SA-CONTRIB-2020-020

Date: 
2020-May-27
Security risk: 
Moderately critical 12 ∕ 25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Default

Drupal Commerce is used to build eCommerce websites and applications. It's possible to configure commerce to permit orders by anonymous users. In this configuration, customers who do not choose to create an account upon checkout completion remain anonymous, and the resulting orders are never assigned an owner.

Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003

Date: 
2020-May-20
Security risk: 
Moderately critical 10 ∕ 25 AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:All
CVE IDs: 
CVE-2020-13662

Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL.

The vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto() function.

Other versions of Drupal core are not vulnerable.

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002

Date: 
2020-May-20
Security risk: 
Moderately critical 10 ∕ 25 AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:Uncommon

The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are

[...] security issues in jQuery’s DOM manipulation methods, as in .html(), .append(), and the others. Security advisories for both of these issues have been published on GitHub.

Those advisories are:

Pages

Subscribe with RSS Subscribe to Security advisories