JSON:API - Moderately critical - Access bypass - SA-CONTRIB-2018-081

Date: 2018-December-19

This module provides a JSON:API specification-compliant HTTP API for accessing and manipulating Drupal content and configuration entities.

The module doesn't sufficiently check access when responding to certain filtered collection requests, thereby causing an access bypass vulnerability. (This means certain GET requests are vulnerable; no POST, PATCH or DELETE requests are vulnerable.)

E-Sign - Moderately critical - Cross site scripting - SA-CONTRIB-2018-080

Date: 2018-December-19

This module allows for integration of Signature Pad, an electronic-signing script, into Drupal for nodes (content), the Field API (FAPI), and Webforms.

The module doesn't sufficiently filter user input when displaying a signature.

The vulnerability is mitigated by the fact that an attacker must have the ability to submit a signature. That permission might be associated with submitting a webform or creating or editing a node depending on site configuration.

Responsive Menus - Moderately critical - Cross site scripting - SA-CONTRIB-2018-079

Date: 2018-December-05

This module enables you to collapse your site's main menu on mobile and show a menu toggle button.

The module doesn't sufficiently sanitize configuration settings provided by users, which leads to a Cross Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer responsive menus".

Salesforce Suite - Moderately critical - Access bypass - SA-CONTRIB-2018-078

Date: 2018-December-05

This module enables Drupal to synchronize entities with Salesforce records. The module includes a page that does not sufficiently protect access rights, resulting in potential information disclosure.

This vulnerability is mitigated by the fact that only Drupal entity titles and IDs, and Salesforce record IDs, are exposed. Entity content and metadata are appropriately protected. Disclosure of a Salesforce ID does not confer any additional privileges.

Password Policy - Less critical - Denial of Service - SA-CONTRIB-2018-077

Date: 2018-December-05

The Password Policy module makes it possible to set constraints on user passwords which disallow certain passwords.

The "digit placement" constraint is vulnerable to Denial of Service attacks: an attacker can submit specially crafted passwords that cause a site to become unresponsive.

This vulnerability is mitigated by the fact that a site must have the "digit placement" constraint enabled.

Date Reminder - Moderately critical - Access bypass - SA-CONTRIB-2018-076

Date: 2018-November-28

This module allows registered users to request email reminders to be sent at a specified time before an event.

The module doesn't sufficiently check access to nodes, allowing a user to set a reminder on a node that the user shouldn't be able to access.

This can be mitigated by configuring Date Reminder with Reminder Display set to "Fieldset within a node", which disables the potential exploit.

GatherContent - Moderately critical - Access bypass - SA-CONTRIB-2018-075

Date: 2018-November-28

This module enables you to import and export data from the GatherContent service.

The module didn't properly protect its administrative paths.

Bootstrap - Moderately critical - Cross site scripting - SA-CONTRIB-2018-074

Date: 2018-November-28

This base theme bridges the gap between Drupal and the Bootstrap Framework.

The theme doesn't sufficiently filter valid targets under the scenario of opening modals, popovers, and tooltips.

This vulnerability is mitigated by the fact that an attacker must already have the ability to either:

Paragraphs - Moderately critical - Access Bypass - SA-CONTRIB-2018-073

Date: 2018-October-31

The Paragraphs module allows Drupal Site Builders to make content organization cleaner so that you can give more editing power to end-users.

The module doesn't sufficiently check access when creating new paragraph entities, which can cause access bypass issues when used in combination with other contributed modules.

Session Limit - Critical - Insecure Session Management - SA-CONTRIB-2018-072

Date: 2018-October-31

The Session Limit module enables a site administrator to set a policy on the number of active sessions users of the site may have. This is typically set to one, so that a given user account can only be logged in once at a time.

In one configuration of the module, when a user logs in while another session is already active elsewhere, the module asks the user which session should be closed before they can proceed with login. The module does not sufficiently tokenise the list of sessions, so the user's session keys can be found by inspecting the form.
