[IT-SecNots] [Security-news] Metatag - Moderately critical - Information disclosure - SA-CONTRIB-2019-058

[security-news AT drupal.org]

View online: https://www.drupal.org/sa-contrib-2019-058

Project: Metatag [1]
Date: 2019-July-24
Security risk: *Moderately critical* 13∕25
AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon [2]
Vulnerability: Information disclosure

Description: 
This module enables you to customize meta tags to help with a site's search
engine ranking and improve the display of page summaries when shared on
social networks.

The module doesn't sufficiently check for a site being in maintenance mode.

This vulnerability is mitigated by the fact that the site must be configured
to disallow access to certain content, and must be put into maintenance mode.


Solution: 
Install the latest version:

  * If you use the Metatag module for Drupal 8.x, upgrade to Metatag 8.x-1.9
    [3]

Also see the Metatag [4] project page.

Reported By: 
  * Shloma [5]

Fixed By: 
  * Damien McKenna [6] of the Drupal Security Team

Coordinated By: 
  * Damien McKenna [7] of the Drupal Security Team


[1] https://www.drupal.org/project/metatag
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/metatag/releases/8.x-1.9
[4] https://www.drupal.org/project/metatag
[5] https://www.drupal.org/user/2858019
[6] https://www.drupal.org/user/108450
[7] https://www.drupal.org/u/damienmckenna

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news