logo
 
  1. IT-Security >
  2. Cyber Security Nachrichten >
  3. Drupal Core - Multiple Vulnerabilities - SA-CORE-2018-006


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

Drupal Core - Multiple Vulnerabilities - SA-CORE-2018-006


IT Security Nachrichten vom | Direktlink: drupal.org Nachrichten Bewertung

  • Advisory ID: DRUPAL-SA-CORE-2018-006
  • Project: Drupal core
  • Version: 7.x, 8.x
  • Date: 2018-October-17

Description

Content moderation - Moderately critical - Access bypass - Drupal 8

In some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass.

In order to fix this issue, the following changes have been made to content moderation which may have implications for backwards compatibility:

ModerationStateConstraintValidator
Two additional services have been injected into this service. Anyone subclassing this service must ensure these additional dependencies are passed to the constructor, if the constructor has been overridden.
StateTransitionValidationInterface
An additional method has been added to this interface. Implementations of this interface which do not extend the StateTransitionValidation should implement this method.

Implementations which do extend from the StateTransitionValidation should ensure any behavioural changes they have made are also reflected in this new method.

User permissions
Previously users who didn't have access to use any content moderation transitions were granted implicit access to update content provided the state of the content did not change. Now access to an associated transition will be validated for all users in scenarios where the state of content does not change between revisions.

Reported by

Fixed by

External URL injection through URL aliases - Moderately Critical - Open Redirect - Drupal 7 and Drupal 8

The path module allows users with the 'administer paths' to create pretty URLs for content.

In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url.

The issue is mitigated by the fact that the user needs the administer paths permission to exploit.

Reported by

Fixed by

Anonymous Open Redirect - Moderately Critical - Open Redirect - Drupal 8

Drupal core and contributed modules frequently use a "destination" query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks.

This vulnerability has been publicly documented.

RedirectResponseSubscriber event handler removal

As part of the fix, \Drupal\Core\EventSubscriber\RedirectResponseSubscriber::sanitizeDestination has been removed, although this is a public function, it is not considered an API as per our API policy for event subscribers.
If you have extended that class or are calling that method, you should review your implementation in line with the changes in the patch. The existing function has been removed to prevent a false sense of security.

Reported by

Fixed by

Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution - Drupal 7 and Drupal 8

When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution.

Reported by

Fixed by

Contextual Links validation - Critical - Remote Code Execution - Drupal 8

The Contextual Links module doesn't sufficiently validate the requested contextual links.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access contextual links".

Reported by

Fixed by

Solution

Upgrade to the most recent version of Drupal 7 or 8 core.

Minor versions of Drupal 8 prior to 8.5.x are not supported and do not receive security coverage, so sites running older versions should update to the above 8.5.x release immediately. 8.5.x will receive security coverage until May 2019.

...

https://www.drupal.org/sa-core-2018-006

Externe Webseite mit kompletten Inhalt öffnen

Kommentiere zu Drupal Core - Multiple Vulnerabilities - SA-CORE-2018-006






➤ Ähnliche Beiträge

  • 1.

    [SA-CORE-2019-004] Cross Site Scripting in the File module/subsystem

    vom 676.69 Punkte ic_school_black_18dp
    Under certain circumstances the File module/subsystem allowed a malicious user to upload a file that could trigger a cross-site scripting (XSS) vulnerability. Part of security release SA-CORE-2019-004 This vulnerability affects the following app
  • 2.

    [SA-CORE-2019-002] Arbitrary PHP code execution

    vom 623.28 Punkte ic_school_black_18dp
    A remote code execution vulnerability existed in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) could be performing file operations on insufficiently validated
  • 3.

    Drupal core - Critical - Multiple Vulnerabilities - SA-CORE-2018-001

    vom 540.53 Punkte ic_school_black_18dp
    Project:  Drupal core Version:  8.4.x-dev 7.x-dev Date:  2018-February-21 Security risk:  Critical 16∕25 AC:Basic/A:User/CI:Some/II:Some/E:Exploit/TD:Default Vulnerability:  Multiple Vulnerabilities Description:  This security
  • 4.

    [SA-CORE-2018-001] JavaScript cross-site scripting prevention is incomplete

    vom 525.99 Punkte ic_school_black_18dp
    Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML. This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vu
  • 5.

    External URL injection through URL aliases

    vom 445.67 Punkte ic_school_black_18dp
    In certain circumstances the user could enter a particular path that triggered an open redirect to a malicious URL. While this issue was mitigated by the fact that the user needed the administer paths permission to exploit, the path module has been patch
  • 6.

    Injection in DefaultMailSystem::mail()

    vom 445.67 Punkte ic_school_black_18dp
    When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution. Part of security release SA-CORE-2018-006 This vulnerability affects the following application versions: Drupal 7.0
  • 7.

    [CVE-2016-3169] Saving user accounts could sometimes grant the user all roles

    vom 425.47 Punkte ic_school_black_18dp
    A hacker may acquire administrator rights using a custom Drupal module hat performs a form rebuild during submission of the user profile form. Part of security release SA-CORE-2016-001 This vulnerability affects the following application versions: Dr
  • 8.

    Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-003

    vom 419.29 Punkte ic_school_black_18dp
    Drupal 8.3.4 and Drupal 7.56 are maintenance releases which contain fixes for security vulnerabilities. Download Drupal 8.3.4 Download Drupal 7.56 Updating your existing Drupal 8 and 7 sites is strongly recommended (see instructions for Drupal 8 and for D
  • 9.

    Remote Code Execution vulnerability within multiple subsystem

    vom 416.24 Punkte ic_school_black_18dp
    A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allowed attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. Part of securit
  • 10.

    Drupal bis 7.51 Confirmation Form Redirect erweiterte Rechte

    vom 416.08 Punkte ic_school_black_18dp
    Es wurde eine Schwachstelle in Drupal bis 7.51 ausgemacht. Sie wurde als kritisch eingestuft. Hiervon betroffen ist eine unbekannte Funktion der Komponente Confirmation Form. Dank Manipulation mit einer unbekannten Eingabe kann eine erweiterte Rechte-Schw
  • 11.

    Drupal Core - Multiple Vulnerabilities - SA-CORE-2018-006

    vom 395.91 Punkte ic_school_black_18dp
    Advisory ID: DRUPAL-SA-CORE-2018-006 Project: Drupal core Version: 7.x, 8.x Date: 2018-October-17 Description Content moderation - Moderately critical - Access bypass - Drupal 8 In some conditions, content moderation fails to check a users access to use certain tran
  • 12.

    Drupal bis 7.40 Overlay Module Redirect

    vom 382.15 Punkte ic_school_black_18dp
    Eine Schwachstelle wurde in Drupal bis 7.40 gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um eine unbekannte Funktion der Komponente Overlay Module. Durch das Beeinflussen mit einer unbekannten Eingabe kann eine erweiterte Rechte-Schwachstelle (Redirect)