Show advisories for only Drupal Core, only contributed projects, or only PSAs

Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2019-012

Date: 
2019-December-18
Security risk: 
Critical 17 ∕ 25 AC:Basic/A:User/CI:All/II:All/E:Proof/TD:Uncommon

The Drupal project uses the third-party library Archive_Tar, which has released a security improvement that is needed to protect some Drupal configurations.

Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them.

Drupal core - Moderately critical - Access bypass - SA-CORE-2019-011

Date: 
2019-December-18
Security risk: 
Moderately critical 10 ∕ 25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:Default

The Media Library module has a security vulnerability whereby it doesn't sufficiently restrict access to media items in certain configurations.

Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010

Date: 
2019-December-18
Security risk: 
Moderately critical 14 ∕ 25 AC:Basic/A:Admin/CI:Some/II:All/E:Theoretical/TD:Default

Drupal 8 core's file_save_upload() function does not strip the leading and trailing dot ('.') from filenames, like Drupal 7 did.

Users with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such as .htaccess in order to bypass protections afforded by Drupal's default .htaccess file.

After this fix, file_save_upload() now trims leading and trailing dots from filenames.

Drupal core - Moderately critical - Denial of Service - SA-CORE-2019-009

Date: 
2019-December-18
Security risk: 
Moderately critical 12 ∕ 25 AC:None/A:None/CI:None/II:None/E:Theoretical/TD:All

A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt.

Webform - Critical - Multiple vulnerabilities - SA-CONTRIB-2019-096

Date: 
2019-December-11
Security risk: 
Critical 15 ∕ 25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default

This module enables you to create forms to collect information from users and report, analyze and distribute it by email.

The 7.x-3.x module doesn't sufficiently sanitize token values taken from query strings. If a query string token is used as the value of a markup component, an attacker can inject JavaScript into a page.

Permissions by Term - Moderately critical - Access bypass - SA-CONTRIB-2019-095

Date: 
2019-December-11
Security risk: 
Moderately critical 13 ∕ 25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon

The Permissions by Term module extends Drupal by functionality for restricting access to single nodes via taxonomy terms.

The module doesn't sufficiently restrict access to node previews, when the Search API module is used to display nodes in search result lists.

Modal - Moderately critical - Access bypass - SA-CONTRIB-2019-094

Date: 
2019-December-11
Security risk: 
Moderately critical 10 ∕ 25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:Default

This project enables administrators to create modal dialogs.

The routes used by the module lacked proper permissions, allowing untrusted users to access, create and modify modal configurations.

Taxonomy access fix - Moderately critical - Access bypass - SA-CONTRIB-2019-093

Date: 
2019-December-11
Security risk: 
Moderately critical 13 ∕ 25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:All

This module extends access handling of Drupal Core's Taxonomy module.

The module doesn't sufficiently check,

  • if a given entity should be access controlled, defaulting to allowing access even to unpublished Taxonomy Terms.
  • if certain administrative routes should be access controlled, defaulting to allowing access even to users without permission to access these administrative routes.

The vulnerability is mitigated by the facts, that

Smart Trim - Moderately critical - Cross site scripting - SA-CONTRIB-2019-092

Date: 
2019-December-11
Security risk: 
Moderately critical 13 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default

The Smart Trim module allows site builders additional control with text summary fields.

The module doesn't sufficiently filter text when certain options are selected.

This vulnerability is mitigated by the fact that an attacker must have a role with the ability to create content on the site when certain options are selected for the trimmed output.

Floating Button Menu - Critical - Unsupported - SA-CONTRIB-2019-091

Date: 
2019-November-13
Security risk: 
Critical 15 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Pages

Subscribe with RSS Subscribe to Security advisories