S3 File System - Moderately critical - Access bypass - SA-CONTRIB-2022-057

Date: 2022-September-28

This module enables you to utilize S3-compatible storage as a Drupal filesystem.

The module doesn't sufficiently prevent file access across multiple filesystem schemes stored in the same bucket.

This vulnerability is mitigated by the fact that an attacker must obtain a method to access arbitrary file paths, the site must have public or private takeover enabled, and the file metadata cache must be ignored.

Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2022-016

Date: 2022-September-28
CVE IDs: CVE-2022-39261

Drupal uses the Twig third-party library for content templating and sanitization. Twig has released a security update that affects Drupal. Twig has rated the vulnerability as high severity.

Drupal core's code extending Twig has also been updated to mitigate a related vulnerability.

Permissions by Term - Moderately critical - Access bypass - SA-CONTRIB-2022-056

Date: 2022-September-07

This module enables you to set content permissions based on taxonomy terms.

The module doesn't sufficiently restrict access to translated and unpublished nodes.

This vulnerability is mitigated by the fact that it only affects sites with translated content.

Permissions by Term - Moderately critical - Access bypass - SA-CONTRIB-2022-055

Date: 2022-September-07

This module enables you to restrict content via taxonomy terms and related permissions.

The module doesn't sufficiently restrict cached content in certain circumstances.

This vulnerability is mitigated by the fact that it only occurs when multiple entity types are enabled in the module.

Next.js - Moderately critical - Access bypass - SA-CONTRIB-2022-054

Date: 2022-September-07

The Next.js module provides an inline preview for content. Authenticated requests are made to Drupal to fetch JSON:API content and render them in an iframe from the decoupled Next.js site.

The current implementation doesn’t sufficiently check access for fetching data. All requests made to Drupal are authenticated using a single scope with elevated content access. Users without access to content could be exposed to unauthorized content.

Commerce Elavon - Moderately critical - Access bypass - SA-CONTRIB-2022-053

Date: 2022-August-24

This module enables you to accept payments from the Elavon payment provider.

The module doesn't sufficiently verify that it's communicating with the correct server when using the Elavon (On-site) payment gateway, which could lead to leaking valid payment details as well as accepting invalid payment details.

This vulnerability is mitigated by the fact that an attacker must be able to spoof the Elavon DNS received by your site.

jQuery UI Checkboxradio - Moderately critical - Cross site scripting - SA-CONTRIB-2022-052

Date: 2022-August-10

jQuery UI is a third-party library used by Drupal. The jQuery UI Checkboxradio module provides the jQuery UI Checkboxradio library (which was previously in Drupal 8 core, but has since been removed from core and moved to this module).

As part of the jQuery UI 1.13.2 update, the jQuery UI project disclosed the following security issue that may affect sites using the jQuery UI Checkboxradio module:

Tagify - Moderately critical - Access bypass - SA-CONTRIB-2022-051

Date: 2022-July-27

This module provides a widget that transforms entity reference fields into a more user-friendly tags input component with good performance.

The module doesn't sufficiently check access for the add operation. Users with permission to edit content can view and reference unpublished terms. The edit form may expose term data that users could not otherwise see, since there is no term view route by default.

PDF generator API - Moderately critical - Remote Code Execution - SA-CONTRIB-2022-050

Date: 2022-July-27

This module enables you to generate PDF versions of content.

Some installations of the module make use of the dompdf/dompdf third-party dependency.

Security vulnerabilities exist for versions of dompdf/dompdf before 2.0.0 as described in the 2.0.0 release notes.

Context - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-049

Date: 2022-July-27

This module enables you to conditionally display blocks in particular theme regions.

The module doesn't sufficiently sanitize the title of a block as displayed in the admin UI when a site administrator edits a context block reaction.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer blocks".
