Examples for Developers - Critical - Remote Code Execution - SA-CONTRIB-2020-035

Date: 
2020-November-18

The File Example submodule within the Examples project does not properly sanitize certain filenames as described in SA-CORE-2020-012, along with other related vulnerabilities.

Therefore, File Example is being removed from Examples until a version demonstrating file security best practices can be added back in the future.

Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011

Date: 
2020-September-16
CVE IDs: 
CVE-2020-13670

A vulnerability exists in the File module which allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file.

Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008

Date: 
2020-September-16
CVE IDs: 
CVE-2020-13667

The experimental Workspaces module allows you to create multiple workspaces on your site in which draft content can be edited before being published to the live workspace.

The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see content before the site owner intends people to see the content.

This vulnerability is mitigated by the fact that sites are only vulnerable if they have installed the experimental Workspaces module.

Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009

Date: 
2020-September-16
CVE IDs: 
CVE-2020-13688

Drupal 8 and 9 have a reflected cross-site scripting (XSS) vulnerability under certain circumstances.

An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability.

Group - Moderately critical - Information disclosure - SA-CONTRIB-2020-033

Date: 
2020-August-05

The Group module enables you to hand out permissions on a smaller subset, section or community of your website.

Under very specific circumstances, where two group types support the same content yet hand out different permissions, non-members of the first group type may use the set of permissions of the second group type for the grouped content.

This vulnerability is mitigated by the fact that you must already have a rare set-up and the two group types are configured in a way where one is more permissive than the other over the same type of content.

Group - Moderately critical - Information disclosure - SA-CONTRIB-2020-032

Date: 
2020-August-05

The Group module enables you to hand out permissions on a smaller subset, section or community of your website.

With the 1.1 security release, new code was introduced to ensure proper access for all entity types, but a mistake introduced unexpected access to unpublished nodes.

Hostmaster (Aegir) - Moderately critical - Access bypass, Arbitrary code execution - SA-CONTRIB-2020-031

Date: 
2020-July-29

Aegir is a powerful hosting system that sits alongside a LAMP or LEMP server to create, deploy and manage Drupal sites.

Given that

  • Aegir can use both Apache and Nginx Web servers,
  • Apache allows configuration-writing users to escalate their privileges to the superuser root, and
  • Aegir's operations are performed by the GNU/Linux user aegir,

it follows that:
