it-securitynotifies - [IT-SecNots] [Security-news] TableField - Moderately critical - Access bypass and Cross Site Scripting - SA-CONTRIB-2019-051

it-securitynotifies AT lists.piratenpartei.de

Subject: Security announcements

List archive

[IT-SecNots] [Security-news] TableField - Moderately critical - Access bypass and Cross Site Scripting - SA-CONTRIB-2019-051


  • From: security-news AT drupal.org
  • To: security-news AT drupal.org
  • Subject: [IT-SecNots] [Security-news] TableField - Moderately critical - Access bypass and Cross Site Scripting - SA-CONTRIB-2019-051
  • Date: Wed, 29 May 2019 17:50:36 +0000 (UTC)
  • List-archive: <http://lists.drupal.org/pipermail/security-news/>
  • List-id: <security-news.drupal.org>

View online: https://www.drupal.org/sa-contrib-2019-051

Project: TableField [1]
Version: 7.x-3.x-dev, 7.x-2.x-dev
Date: 2019-May-29
Security risk: *Moderately critical* 13/25
AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default [2]
Vulnerability: Access bypass and Cross Site Scripting

Description: 
This module allows you to attach tabular data to an entity.

*Access bypass*

There is no entity-level access check for users who hold the "Export Tablefield
Data as CSV" permission: they can export data from unpublished nodes or
otherwise inaccessible entities.

This vulnerability is mitigated by the fact that an attacker must have a role
with the permission 'Export Tablefield Data as CSV'.

*XSS*

When "Raw data (JSON or XML)" is selected in the field's Display settings, the
module does not sanitize the JSON output before passing it on to be rendered.

This vulnerability is mitigated by the fact that an attacker must have a role
with Edit permissions.
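Both issues above come down to a missing check before output. The following is an added example, not the TableField module's own code: a Drupal 7 page callback that performs the role check and then the entity-level view check before streaming CSV, plus a formatter helper that escapes the JSON string before it becomes markup. The permission string, route arguments, the serialized `value` layout and every `example_` name are assumptions.

```php
<?php
// Added example, not the TableField module's own code. Assumed: the permission
// string, route arguments, the serialized 'value' layout, all example_ names.
/**
 * CSV export page callback. The role permission (step 1) alone is what the
 * advisory says was checked; the entity view check (step 2) closes the bypass.
 */
function example_tablefield_export_csv($entity_type, $entity_id, $field_name, $langcode, $delta) {
  // 1. Role-level check (permission name assumed).
  if (!user_access('export tablefield')) {
    return drupal_access_denied();
  }
  // 2. Entity-level check: may the current user view this entity at all?
  $loaded = entity_load($entity_type, array($entity_id));
  $entity = reset($loaded);
  if (!$entity) {
    return drupal_not_found();
  }
  if ($entity_type == 'node') {
    $allowed = node_access('view', $entity);
  }
  elseif (function_exists('entity_access')) {
    $allowed = entity_access('view', $entity_type, $entity); // Entity API (contrib)
  }
  else {
    $allowed = FALSE; // cannot decide: fail closed rather than leak data
  }
  if (!$allowed) {
    return drupal_access_denied();
  }
  // 3. Fetch the item and stream it as CSV.
  $items = field_get_items($entity_type, $entity, $field_name, $langcode);
  if (!isset($items[$delta])) {
    return drupal_not_found();
  }
  $rows = unserialize($items[$delta]['value']); // storage layout assumed
  drupal_add_http_header('Content-Type', 'text/csv; charset=utf-8');
  drupal_add_http_header('Content-Disposition', 'attachment; filename="export.csv"');
  $out = fopen('php://output', 'w');
  foreach ($rows as $row) {
    fputcsv($out, $row);
  }
  fclose($out);
  drupal_exit();
}

// "Raw data (JSON)" display: escape before the encoded string becomes markup.
function example_tablefield_raw_json_markup(array $rows) {
  return array('#markup' => '<pre>' . check_plain(drupal_json_encode($rows)) . '</pre>');
}
```

The entity-level check is the part a reviewer should look for in any export or download callback: a role permission only says the user may use the feature, not that they may see this particular entity.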

Solution: 
Install the latest version:

* If you use a Tablefield module version 7.x-2.x, upgrade to tablefield 7.x-3.5 [3].
* If you use a Tablefield module version 7.x-3.x, upgrade to tablefield 7.x-2.8 [4].

Also see the TableField [5] project page.

Reported By: 
* Yonatan Offek [6]

Fixed By: 
* Yonatan Offek [7]
* Jen Lampton [8]
* Martin Postma [9]

Coordinated By: 
* Greg Knaddison [10] of the Drupal Security Team


[1] https://www.drupal.org/project/tablefield
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/tablefield/releases/7.x-3.5
[4] https://www.drupal.org/project/tablefield/releases/7.x-2.8
[5] https://www.drupal.org/project/tablefield
[6] https://www.drupal.org/user/194009
[7] https://www.drupal.org/user/194009
[8] https://www.drupal.org/user/85586
[9] https://www.drupal.org/user/210402
[10] https://www.drupal.org/user/36762

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news
