Paragraphs table - Critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-036

Date: 2024-September-04
CVE IDs: CVE-2024-13272

This module enables field collections to be displayed as tables. It supports display suite and field permissions and provides operations (modify, delete, duplicate).

This module has multiple vulnerabilities because the access requirements on the routes it provides are not restrictive enough.

Information disclosure

Several routes only checked for the 'access content' permission before displaying a paragraph, and did not check whether the user should actually have access to view the specific paragraph in question.

Content Entity Clone - Moderately critical - Information Disclosure - SA-CONTRIB-2024-035

Date: 2024-September-04
CVE IDs: CVE-2024-13271

This module enables you to "clone" a content entity, i.e. to create a new content entity pre-filled with data from another entity of the same type and bundle.

The module doesn't properly check the user's access to the original entity, allowing users to create a new entity (which they have permission to create) pre-filled with content from another entity of the same type and bundle that they would normally not have access to.

This vulnerability is mitigated by the fact that an attacker must have the permission to create content of the type of the entity to clone.

Freelinking - Moderately critical - Information Disclosure - SA-CONTRIB-2024-034

Date: 2024-September-04
CVE IDs: CVE-2024-13270

This module enables you to configure a wiki-like input filter that allows users to create links to site and external content.

The module doesn't sufficiently check if a user has access to some URLs before rendering them as links.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access content" (which is commonly assigned to all roles), and the site must be configured to disallow access to certain content.

Advanced Varnish - Moderately critical - Access bypass - SA-CONTRIB-2024-033

Date: 2024-August-28
CVE IDs: CVE-2024-13269

This module enables you to cache pages for logged-in users at the Varnish level.

The Varnish bin names may be guessable when no hashing noise is set on the module configuration page, which would ultimately allow any user who guesses such a bin name to view cached pages that were intended for other roles.

Opigno - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-032

Date: 2024-August-21
CVE IDs: CVE-2024-13268

The Opigno module is related to the Opigno LMS distribution. The Opigno Scorm submodule exposes an API for extracting and handling SCORM packages.

Uploaded files were not sufficiently validated to prevent arbitrary file uploads, which could lead to Remote Code Execution (RCE) and/or Cross Site Scripting (XSS).

This vulnerability is mitigated by the fact that it affected only specific activity types.

Opigno TinCan Question Type - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-031

Date: 2024-August-21
CVE IDs: CVE-2024-13267

The Opigno TinCan Question Type module is related to the Opigno LMS distribution. The module adds a new question type for the Quiz module. With this new question type, you can import TinCan packages into your Drupal instance and use them as questions.

Uploaded files were not sufficiently validated to prevent arbitrary file uploads, which could lead to Remote Code Execution (RCE) and/or Cross Site Scripting (XSS).

This vulnerability is mitigated by the fact that it requires the attacker to have a role with the permission to create or edit content of the "TinCan Package" content type.

Responsive and off-canvas menu - Moderately critical - Access bypass - SA-CONTRIB-2024-030

Date: 2024-August-21
CVE IDs: CVE-2024-13266

This module integrates the mmenu library with Drupal's menu system with the aim of having an off-canvas mobile menu and a horizontal menu at wider widths.

The module doesn't respect custom node access restrictions implemented through hook_ENTITY_TYPE_access hooks, meaning the titles of restricted nodes can appear in the menu.

Only sites with modules that implement hook_ENTITY_TYPE_access to restrict access to nodes are affected.

Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029

Date: 2024-August-07
CVE IDs: CVE-2024-13265

The Opigno Learning Path module enables you to manage group content.

Administrative forms allow uploading malicious files which may contain arbitrary code (RCE) or cross site scripting (XSS). These forms were not adequately protected by permissions that communicate the severity of what the permission grants.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Manage group content in any group".

Opigno module - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-028

Date: 2024-August-07
CVE IDs: CVE-2024-13264

The Opigno module is related to the Opigno LMS distribution. It implements the module entity, which is a sub-part of a training.

In the opigno_module module, uploaded files were not sufficiently validated to prevent arbitrary file uploads, which could lead to Remote Code Execution (RCE) and/or Cross Site Scripting (XSS).

This vulnerability is mitigated by the fact that it requires the attacker to have a role with the permission "create opigno tincan activities".

Opigno group manager - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-027

Date: 2024-August-07
CVE IDs: CVE-2024-13263

The Opigno group manager project is related to the Opigno LMS distribution. It allows building the contents of learning paths by combining modules, courses, and other activities, ordering them, and defining conditional rules for the transitions from one step to the next.

An administration form allows execution of arbitrary code.

This issue is mitigated by several factors. First, it requires the attacker to have the permission "update group learning_path". Additionally, it requires several steps and depends on other data in the system being in place.
