it-securitynotifies AT lists.piratenpartei.de
Subject: Security announcements
[IT-SecNots] [Security-news] Menu Import and Export - Critical - Access bypass - SA-CONTRIB-2018-018
- From: security-news AT drupal.org
- To: security-news AT drupal.org
- Subject: [IT-SecNots] [Security-news] Menu Import and Export - Critical - Access bypass - SA-CONTRIB-2018-018
- Date: Wed, 18 Apr 2018 18:54:48 +0000 (UTC)
- List-archive: <http://lists.drupal.org/pipermail/security-news/>
- List-id: <security-news.drupal.org>
View online: https://www.drupal.org/sa-contrib-2018-018
Project: Menu Import and Export [1]
Version: 8.x-1.0
Date: 2018-April-18
Security risk: *Critical* 17∕25
AC:Basic/A:None/CI:Some/II:Some/E:Exploit/TD:Uncommon [2]
Vulnerability: Access bypass
Description:
This module helps in exporting and importing Menu Items via the
administrative interface.
The module does not properly restrict access to administrative pages,
allowing anonymous users to export and import menu links.
There is no mitigation for this vulnerability.
Solution:
Update to Menu Import and Export 8.x-1.2 [3].
Reported By:
* Nathan Dentzau [4]
Fixed By:
* Sandeep Reddy [5]
Coordinated By:
* Samuel Mortenson [6] of the Drupal Security Team
* Michael Hess [7] of the Drupal Security Team
[1] https://www.drupal.org/project/menu_export
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/menu_export/releases/8.x-1.2
[4] https://www.drupal.org/u/nathandentzau
[5] https://www.drupal.org/u/sandeepguntaka
[6] https://www.drupal.org/u/samuelmortenson
[7] https://www.drupal.org/u/mlhess