The Group module enables you to hand out permissions on a smaller subset, section or community of your website.
Under very specific circumstances, where two group types support the same content yet hand out different permissions, non-members of the first group type may use the set of permissions of the second group type for the grouped content.
This vulnerability is mitigated by the fact that you must already have a rare set-up and the two group types are configured in a way where one is more permissive than the other over the same type of content.
The Group module enables you to hand out permissions on a smaller subset, section or community of your website.
With the 1.1 security release, new code was introduced to ensure proper access for all entity types, but a mistake introduced unexpected access to unpublished nodes.
This module enables you to hand out permissions on a smaller subset, section or community of your website.
The module used to leverage the node grants system but turned it off in its recent 8.x-1.0 release in favor of a system that works for ALL entity types, not just nodes. By doing so, some regular node access checks turned from neutral into allowed because of the way the node grants system operates.
The Modal form module is a toolset for quickly getting started with forms in modal windows.
Any form can be viewed and submitted when the modal_form module is installed. The only requirement is to know the form's fully-qualified class name.
The Apigee Edge module allows connecting a Drupal site to Apigee Edge in order to build a developer portal. It contains an "Apigee Edge Teams" submodule that provides shared app functionality by allowing developers to be organized into teams.
The "Apigee Edge Teams" submodule has an information disclosure vulnerability. The "Add team member" form displays an email autocomplete field which can expose the email addresses of other accounts in the system.
This module enables you to use the current URL (path alias) and the current page's title to automatically extract the breadcrumb's segments and their respective links, then show them as breadcrumbs on your website.
The module doesn't sufficiently sanitize editor input in certain circumstances, leading to a Cross Site Scripting (XSS) vulnerability.
This vulnerability requires the user to have the 'administer Easy Breadcrumb settings' permission.
The renderkit module contains components which can transform the display of field items sent to it.
Some of these components do not respect the '#access' property on the field render element, and thus can make rendered field values visible to visitors who would otherwise not be allowed to see those field values.
This only occurs if all of the following conditions are true:
JSON:API PATCH requests may bypass validation for certain fields.
By default, JSON:API works in a read-only mode, which makes it impossible to exploit the vulnerability. Only sites that have read_only set to FALSE in the jsonapi.settings config are vulnerable.