GatherContent - Moderately critical - Access bypass - SA-CONTRIB-2018-075

Date: 2018-November-28

This module enables you to import and export data from the GatherContent service.

The module didn't properly protect its administrative paths.

Bootstrap - Moderately critical - Cross site scripting - SA-CONTRIB-2018-074

Date: 2018-November-28

This base theme bridges the gap between Drupal and the Bootstrap Framework.

The theme doesn't sufficiently filter valid targets under the scenario of opening modals, popovers, and tooltips.

This vulnerability is mitigated by the fact that an attacker must already have the ability to either:

Paragraphs - Moderately critical - Access Bypass - SA-CONTRIB-2018-073

Date: 2018-October-31

The Paragraphs module allows Drupal Site Builders to make content organization cleaner so that you can give more editing power to end-users.

The module doesn't sufficiently check access to create new paragraph entities which can cause access bypass issues when used in combination with other contributed modules.

Session Limit - Critical - Insecure Session Management - SA-CONTRIB-2018-072

Date: 2018-October-31

The session limit module enables a site administrator to set a policy around the number of active sessions users of the site may have. This is typically set to one so that you can only be logged in once with the same user account.

In one configuration of the module, when a user logs in with another session elsewhere already active, the module asks the user which session should be closed before they can proceed with login. The module does not sufficiently tokenise the list of sessions so that the user's session keys can be found through inspection of the form.

Decoupled Router - Critical - Access bypass - SA-CONTRIB-2018-071

Date: 2018-October-31

This module enables you to resolve the provided Drupal path in order to find the canonical path and information about the resolved entity. This information includes entity type ID, entity ID, entity UUID and entity label.

The module doesn't sufficiently check access before displaying entity labels. This leads to the display of labels on entities that are not accessible to the requesting user, for example the titles of unpublished content.

Search Autocomplete - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-070

Date: 2018-October-17
CVE IDs: CVE-2018-7603

The Search Autocomplete module enables you to autocomplete text fields using data from your website (nodes, comments, etc.).

The module doesn't sufficiently filter user-entered text among the autocompletion items leading to a Cross Site Scripting (XSS) vulnerability.

This vulnerability can be exploited by any user allowed to create one of the autocompletion items, for instance nodes, users or comments.

Drupal 7.x and 8.x release on Oct 17th, 2018 - PSA-2018-10-17

Date: 2018-October-17

The Drupal Security team has a core and contrib release window on the 3rd Wednesday of the month. This window normally ends at 5pm Eastern (9PM UTC).

Due to unforeseen circumstances, we are extending the current window we are in by 3 hours until Oct 17th, 2018 at 8pm Eastern (11:59PM UTC).

HTML Mail - Critical - Remote Code Execution - SA-CONTRIB-2018-069

Date: 2018-October-17

The HTML Mail module lets you theme your messages the same way you theme the rest of your website.

When sending email, some variables were not being sanitized for use as shell arguments, which could lead to remote code execution.

This issue is related to the Drupal Core release SA-CORE-2018-006.

Mime Mail - Critical - Remote Code Execution - SA-CONTRIB-2018-068

Date: 2018-October-17

The MIME Mail module allows you to send MIME-encoded e-mail messages with embedded images and attachments.

The module doesn't sufficiently sanitize some variables for use as shell arguments when sending email, which could lead to arbitrary remote code execution.

This issue is related to the Drupal Core release SA-CORE-2018-006.

Drupal Core - Multiple Vulnerabilities - SA-CORE-2018-006

  • Advisory ID: DRUPAL-SA-CORE-2018-006
  • Project: Drupal core
  • Version: 7.x, 8.x
  • Date: 2018-October-17
