Commerce Core - Moderately critical - Access bypass - SA-CONTRIB-2018-057

Date: 2018-August-29

This module enables you to build eCommerce websites and applications with Drupal.

The module doesn't sufficiently check access for some of its entity types.

File (Field) Paths - Critical - Remote Code Execution - SA-CONTRIB-2018-056

Date: 2018-August-15

This module enables you to automatically sort and rename your uploaded files using token based replacement patterns to maintain a nice clean filesystem.

The module doesn't sufficiently sanitize the path while a new file is being uploaded, allowing a remote attacker to execute arbitrary PHP code.

This vulnerability is mitigated by the fact that an attacker must have access to a form containing a widget processed by this module.

PHP Configuration - Critical - Arbitrary PHP code execution - SA-CONTRIB-2018-055

Date: 2018-August-08

This module enables you to add or overwrite PHP configuration on a Drupal website.

The module doesn't sufficiently restrict who may set these configuration values, allowing an attacker to apply arbitrary PHP configuration.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer phpconfig".

After updating the module, review the permissions on your website; if the "administer phpconfig" permission is granted to a role that is not fully trusted, revoke it.

Drupal Core - 3rd-party libraries - SA-CORE-2018-005

  • Advisory ID: DRUPAL-SA-CORE-2018-005
  • Project: Drupal core
  • Version: 8.x
  • CVE: CVE-2018-14773
  • Date: 2018-August-01

Drupal 8 release on August 1st, 2018 - PSA-2018-07-30

Date: 2018-July-30

The Drupal Security Team will be coordinating a security release for Drupal 8 this week on Wednesday, August 1, 2018. (We are issuing this PSA in advance because, in the regular security release window schedule, August 1 would not typically be a core security window.)

The Drupal 8 core release will be made between 16:00 – 21:00 UTC (noon – 5:00pm EDT). It is rated as moderately critical and will be an update to a vendor library only.

Select (or other) - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-054

Date: 2018-July-25

This module enables users to select 'other' on certain form elements, after which a text field appears for the user to provide a custom value.

The module doesn't sufficiently escape the value of the text field when the "Select or other" formatter is used to display it.

This vulnerability is mitigated by the fact that an attacker must have access to edit a field that is displayed through the "Select or other" formatter.

XML sitemap - Moderately critical - Information Disclosure - SA-CONTRIB-2018-053

Date: 2018-July-18

This module enables you to generate XML sitemaps and it helps search engines to more intelligently crawl a website and keep their results up to date.

The module doesn't sufficiently check access rights when updating content during cron execution.

Taxonomy Entity Queue - Critical - SQL Injection - SA-CONTRIB-2018-052

Date: 2018-July-18

This module enables you to create an entityqueue based on a taxonomy.

The module did not properly use Drupal's database API when querying the database with user supplied values, allowing an attacker to send a specially crafted request to modify the query or potentially perform additional queries.

This vulnerability is mitigated by the fact that an attacker must have a role with the "administer entity queue taxonomy" permission.
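As an added illustration of the bug class described above (not the module's code, not Drupal code, and not the actual query from the advisory): a lookup that splices a user-supplied term id into the SQL text beside one that binds it as a typed parameter, which is what Drupal's database API placeholders (e.g. `:tid`) do. The table name, column names, sample rows and the two payloads are constructed for the example; Python with sqlite3 is used so it runs offline.

```python
import sqlite3

# Constructed sample data (assumption, not from the advisory): a queue name per taxonomy term id.
SAMPLE_ROWS = [
    (1, "public-queue"),
    (2, "editors-only"),
    (3, "private-queue"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory table standing in for a term-to-queue mapping."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE term_queue (tid INTEGER, name TEXT)")
    conn.executemany("INSERT INTO term_queue VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, tid_param: str) -> list:
    """Query built by string interpolation: the request value becomes part of the SQL text,
    so an attacker can change the WHERE clause or append a UNION that reads other tables."""
    sql = f"SELECT name FROM term_queue WHERE tid = {tid_param}"
    return [row[0] for row in conn.execute(sql)]


def lookup_fixed(conn: sqlite3.Connection, tid_param: str) -> list:
    """Hardened form: validate the type, then hand the value to the driver as a bound
    parameter. The SQL text is constant, so the value can never alter the query shape."""
    tid = int(tid_param)  # raises ValueError for anything that is not a plain integer
    rows = conn.execute("SELECT name FROM term_queue WHERE tid = ?", (tid,))
    return [row[0] for row in rows]


def demo() -> dict:
    """Run both variants against a legitimate id and two crafted payloads."""
    conn = make_db()
    tautology = "1 OR 1=1"                              # widens the WHERE clause to every row
    union = "0 UNION SELECT name FROM sqlite_master"    # appends a query against another table
    results = {
        "legit_vulnerable": lookup_vulnerable(conn, "2"),
        "tautology": sorted(lookup_vulnerable(conn, tautology)),
        "union": lookup_vulnerable(conn, union),
        "legit_fixed": lookup_fixed(conn, "2"),
    }
    try:
        lookup_fixed(conn, tautology)
        results["fixed_rejected_payload"] = False
    except ValueError:
        results["fixed_rejected_payload"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The tautology payload returns every queue and the UNION payload returns the name of another table, which is the "modify the query or potentially perform additional queries" outcome the advisory describes. The bound-parameter version returns the same row for a legitimate id and refuses the payload before any SQL is sent. In a Drupal module the equivalent is passing the value through the database API's placeholder array rather than concatenating it into the query string.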

Tapestry - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-051

Date: 2018-July-11

This theme provides Drupal users with many advanced features including 20 Different Color Styles, 30 User Regions, Custom Block Theme Templates, Suckerfish Menus, Icon Support, Advanced Page Layout Options, Simple Configuration, Custom Typography...

The theme doesn't sufficiently sanitize user input.

This vulnerability is mitigated by the fact that the theme is only exploitable with non-default settings and under certain site configurations.

litejazz - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-050

Date: 2018-July-11

This theme features 3 color styles, 12 fully collapsible regions, suckerfish menus, fluid or fixed widths, easy configuration, and more.

The theme doesn't sufficiently sanitize user input.

This vulnerability is mitigated by the fact that the theme is only exploitable with non-default settings and under certain site configurations.
