[IT-SecNots] [Security-news] Drupal voor Gemeenten - Moderately critical - Access Bypass - SA-CONTRIB-2019-031

[security-news AT drupal.org]

View online: https://www.drupal.org/sa-contrib-2019-031

Project: Drupal voor Gemeenten [1]
Date: 2019-March-06
Security risk: *Moderately critical* 13∕25
AC:None/A:None/CI:None/II:Some/E:Theoretical/TD:Uncommon [2]
Vulnerability: Access Bypass

Description: 
The DvG distrubition contains the feature module dvg_domains to support
multiple domains.

When the dvg_domains feature module is enabled, anonymous users are able to
access some administration pages and change the settings exposed on those
pages.

This issue can be mitigated by disabling the dvg_domains module.

Solution: 
Install the latest version:

  * If you use the module dvg_domains from the DvG distribution upgrade to 
DvG
    7.x-1.9 [3]

Reported By: 
  * Bernard Skibinski  [4]

Fixed By: 
  * paulvandenburg  [5]

Coordinated By: 
  * Greg Knaddison [6] of the Drupal Security Team


[1] https://www.drupal.org/project/dvg
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/dvg/releases/7.x-1.9
[4] https://www.drupal.org/user/807452
[5] https://www.drupal.org/user/3304805
[6] https://www.drupal.org/u/greggles

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news