Panopoly Core - Moderately critical - Cross Site Scripting - SA-CONTRIB-2017-093

Date: 2017-December-13

This module provides common functionality used by other modules in the Panopoly distribution and in child distributions such as Open Atrium.

The module doesn't sufficiently filter node titles used in breadcrumbs when the "Append Page Title to Site Breadcrumb" setting is enabled.

This vulnerability is mitigated by the fact that an attacker must have a role with the ability to create content.

Node feedback - Moderately critical - Access Bypass - SA-CONTRIB-2017-092

Date: 2017-December-06

This module enables you to configure nodes so that feedback about them can be sent through personal or site-wide contact forms.

The module doesn't sufficiently check access to the nodes whose titles are shown on those contact forms.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Use the site-wide contact form" or "Use users' personal contact forms" which is often assigned to untrusted user roles such as anonymous.

Configuration Update Manager - Moderately critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2017-091

Date: 2017-December-06

The Configuration Update Reports sub-module in the Configuration Update module project enables you to run reports to see what configuration on your site differs from the configuration distributed by a module, theme, or installation profile, and to revert, delete, or import configuration.

This module doesn't sufficiently protect the Import operation, thereby exposing a Cross Site Request Forgery (CSRF) vulnerability which can be exploited by unprivileged users to trick an administrator into an unwanted import of configuration.

Feedback Collect - Moderately critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-090

Date: 2017-December-06

This module enables you to add feedback forms and gather end-user feedback, bug reports, or any other kind of suggestion.

The module doesn't sufficiently filter the output of its own fields when feedback-collect content is created or edited.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "create feedback-collect content" or its related editing permissions.

Mailhandler - Critical - Remote Code Execution - SA-CONTRIB-2017-089

Date: 2017-December-06

The Mailhandler module enables you to create nodes by email.

The Mailhandler module does not validate file attachments. By sending a correctly crafted e-mail to a mailhandler mailbox an attacker can execute arbitrary code.

The vulnerability applies to any active mailhandler mailbox, whether or not attachments are mapped to a field.

Mitigating factors:

bootstrap_carousel - Moderately critical - Cross Site Scripting - SA-CONTRIB-2017-088

Date: 2017-November-29

This module provides a way to make carousels, based on bootstrap-carousel.js.

The module doesn't sufficiently filter the output of the alt attribute on img HTML tags.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Carousel: Create new content" or any similar node module permissions for creating/editing/removing the module-delivered content type.

Services single sign-on client - Critical - Cross-site scripting - SA-CONTRIB-2017-087

Date: 2017-November-29

This module allows users of a remote Services-enabled Drupal site to sign on to a second site with their credentials.

The module does not sanitize information from the request before displaying it, thereby exposing a cross-site scripting vulnerability.

Cloud - Critical - CSRF - SA-CONTRIB-2017-086

Date: 2017-November-29

This module enables sites to manage public clouds like Amazon EC2 and also private clouds like OpenStack.

The module doesn't sufficiently protect the deletion of audit reports, thereby exposing a cross-site request forgery (CSRF) vulnerability which can be exploited by unprivileged users to trick an administrator into unwanted deletion of audit reports.

This vulnerability is mitigated by the fact that the victim must have a role with the permission "access audit report".

MoneySuite - Moderately critical - Access bypass - SA-CONTRIB-2017-085

Date: 2017-November-29

MoneySuite provides a set of modules for Drupal sites that rely on the sale of memberships and/or content for revenue.

The modules have an access bypass vulnerability which allows untrusted users (including anonymous users) to view payments made by users within the system. No data can be modified, nor are any credit card numbers displayed.

Domain Integration (Drupal 7) - Moderately critical - Access bypass - SA-CONTRIB-2017-084

Date: 2017-November-29

This module enables you to integrate the Domain module with other popular Drupal modules. The Domain Integration Login Restrict sub-module enables you to restrict access to a domain based on the domains assigned to a user.

The Domain Integration Login Restrict sub-module doesn't sufficiently check these restrictions when one-time login links are used.

This vulnerability is mitigated by the fact that an attacker must have an active account on one of the domains.
