[IT-SecNots] [Security-news] GatherContent - Moderately critical - Access bypass - SA-CONTRIB-2018-075

[security-news AT drupal.org]

View online: https://www.drupal.org/sa-contrib-2018-075

Project: GatherContent [1]
Date: 2018-November-28
Security risk: *Moderately critical* 13∕25
AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All [2]
Vulnerability: Access bypass

Description: 
This module enables you to import and export data from the GatherContent
service.

The module didn't properly protect its administrative paths.

Solution: 
  * gathercontent 7.x versions prior to 7.x-3.5.

Drupal core is not affected. If you do not use the contributed GatherContent
[3] module, there is nothing you need to do.

-------- SOLUTION
------------------------------------------------------------

Install the latest version:

  * If you use the gathercontent module for Drupal 7.x, upgrade to
    gathercontent 7.x-3.5 [4]

Reported By: 
  * Francisco Rodriguez   [5]

Fixed By: 
  * Roland Kovacsics  [6]

Coordinated By: 
  * Michael Hess [7] of the Drupal Security Team
  * Greg Knaddison [8] of the Drupal Security Team



[1] https://www.drupal.org/project/gathercontent
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/gathercontent
[4] https://www.drupal.org/project/gathercontent/releases/7.x-3.5
[5] https://www.drupal.org/user/2744561
[6] https://www.drupal.org/user/3528385
[7] https://www.drupal.org/u/mlhess
[8] https://www.drupal.org/u/greggles

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news