News reader

Floating Button Menu - Critical - Unsupported - SA-CONTRIB-2019-091

Security advisories (contrib) - November 13, 2019, 19:11
Project: Floating Button Menu
Date: 2019-November-13
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Webform Multiple File Upload - Critical - Unsupported - SA-CONTRIB-2019-090

Security advisories (contrib) - November 13, 2019, 19:10
Project: Webform Multiple File Upload
Date: 2019-November-13
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Commerce Ingenico - Critical - Unsupported - SA-CONTRIB-2019-089

Security advisories (contrib) - November 13, 2019, 19:10
Project: Commerce Ingenico
Date: 2019-November-13
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

SendinBlue - Critical - Unsupported - SA-CONTRIB-2019-088

Security advisories (contrib) - November 13, 2019, 19:09
Project: SendinBlue
Date: 2019-November-13
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Make Meeting Scheduler - Critical - Unsupported - SA-CONTRIB-2019-087

Security advisories (contrib) - November 13, 2019, 19:09
Project: Make Meeting Scheduler
Date: 2019-November-13
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Webform Report - Critical - Unsupported - SA-CONTRIB-2019-086

Security advisories (contrib) - November 13, 2019, 19:08
Project: Webform Report
Date: 2019-November-13
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Nodequeue - Critical - Unsupported - SA-CONTRIB-2019-085

Security advisories (contrib) - November 13, 2019, 19:07
Project: Nodequeue
Date: 2019-November-13
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Taxonomy CSV import/export - Critical - Unsupported - SA-CONTRIB-2019-084

Security advisories (contrib) - November 13, 2019, 19:06
Project: Taxonomy CSV import/export
Date: 2019-November-13
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Feeds JSONPath Parser - Critical - Unsupported - SA-CONTRIB-2019-083

Security advisories (contrib) - November 13, 2019, 19:06
Project: Feeds JSONPath Parser
Date: 2019-November-13
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Field Slideshow - Critical - Unsupported - SA-CONTRIB-2019-082

Security advisories (contrib) - November 13, 2019, 19:05
Project: Field Slideshow
Date: 2019-November-13
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Bugsnag - Critical - Unsupported - SA-CONTRIB-2019-081

Security advisories (contrib) - November 13, 2019, 19:04
Project: Bugsnag
Date: 2019-November-13
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Noggin - Critical - Unsupported - SA-CONTRIB-2019-080

Security advisories (contrib) - November 13, 2019, 19:04
Project: Noggin
Date: 2019-November-13
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Bypass Form Validations - Critical - Unsupported - SA-CONTRIB-2019-079

Security advisories (contrib) - November 13, 2019, 19:03
Project: Bypass Form Validations
Date: 2019-November-13
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Nexus Theme - Critical - Unsupported - SA-CONTRIB-2019-078

Security advisories (contrib) - November 13, 2019, 19:02
Project: Nexus Theme
Date: 2019-November-13
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Frequently Asked Questions - Critical - Unsupported - SA-CONTRIB-2019-077

Security advisories (contrib) - November 13, 2019, 19:00
Project: Frequently Asked Questions
Date: 2019-November-13
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Administration Views - Critical - Unsupported - SA-CONTRIB-2019-076

Security advisories (contrib) - November 13, 2019, 16:10
Project: Administration Views
Date: 2019-November-13
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Open Social - Critical - Insecure Session Management - SA-CONTRIB-2019-075

Security advisories (contrib) - November 6, 2019, 17:10
Project: Open Social
Date: 2019-November-06
Security risk: Critical 15∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Insecure Session Management
Description:

Open Social is a Drupal distribution for online communities. The included social_magic_login module doesn't sufficiently validate magic login URLs for user accounts that do not have a local password but log in via external systems. The lack of validation makes it possible for an adversary to forge valid login URLs and log in to such an account.

This vulnerability is mitigated by the fact that the module social_magic_login needs to be enabled.

Solution: 

Install the latest version:

Alternatively, disable the module social_magic_login.

Also see the Open Social project page.

Reported By: 
  • Heine of the Drupal Security Team
Fixed By: Coordinated By: 
  • Heine of the Drupal Security Team

Booking and Availability Management Tools for Drupal - Moderately critical - Access Bypass - SA-CONTRIB-2019-074

Security advisories (contrib) - October 16, 2019, 18:09
Project: Booking and Availability Management Tools for Drupal
Date: 2019-October-16
Security risk: Moderately critical 11∕25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Access Bypass
Description:

The Bat module provides a foundation through which a wide range of availability management, reservation and booking use cases can be addressed.

The routes used to view events don't sufficiently guard access for non-privileged users. Specifically, a user with the 'View own' permission for bat events can view others' events as well.

Solution: 

Install the latest version:

  • If you use the bat module for Drupal 8.x, upgrade to bat 8.x-1.2

Also see the Booking and Availability Management Tools for Drupal project page.

Reported By: Fixed By: Coordinated By: 

Maxlength - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-073

Security advisories (contrib) - October 9, 2019, 17:54
Project: Maxlength
Date: 2019-October-09
Security risk: Moderately critical 13∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting
Description:

This module enables you to set a maximum length allowed on text fields and indicate how many characters are left.

The module doesn't sufficiently filter strings, leading to a Cross Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that the malicious script will not be triggered in the browser of UID 1 nor of any user with "Bypass maxlength setting".

Solution: 

Install the latest version:

Also see the Maxlength project page.

Reported By: Fixed By: Coordinated By: 

Localization update - Moderately critical - Insecure server configuration - SA-CONTRIB-2019-072

Security advisories (contrib) - October 2, 2019, 19:24
Project: Localization update
Date: 2019-October-02
Security risk: Moderately critical 10∕25 AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Insecure server configuration
Description:

This module enables you to automatically download and update the site's interface translation by fetching them from localize.drupal.org or any other Localization server.

The module doesn't sufficiently protect the directory it stores translation files in. It's conventional for directories which may be writeable to be protected by a .htaccess file to prevent malicious PHP files placed within them being executed by the webserver. This vulnerability is mitigated by the fact that an attacker typically wouldn't be able to place a malicious file in the module's storage directory.

Solution: 

Install the latest version:

Also see the Localization update project page.

Reported By: Fixed By: Coordinated By: