[IT-SecNots] [Security-news] Facebook Messenger Customer Chat Plugin - Critical - Access bypass - SA-CONTRIB-2019-059

[security-news AT drupal.org]

View online: https://www.drupal.org/sa-contrib-2019-059

Project: Facebook Messenger Customer Chat Plugin [1]
Date: 2019-July-24
Security risk: *Critical* 16∕25
AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Access bypass

Description: 
The Facebook Messenger Customer Chat Plugin module enables you to add the
Facebook Messenger Customer Chat Plugin to your Drupal site.

The module doesn't require user permissions on the admin page.

Solution: 
Install the latest version:

  * If you use the Facebook Messenger Customer Chat Plugin module for Drupal
    7.x, upgrade to Facebook Messenger Customer Chat Plugin 7.x-1.1 [3]

Also see the Facebook Messenger Customer Chat Plugin [4] project page.

Reported By: 
-------- REPORTED BY
---------------------------------------------------------

  * Marcelo Vani  [5]

Fixed By: 
  * Marcelo Vani  [6]

Coordinated By: 
  * Michael Hess [7] of the Drupal Security Team
  * Greg Knaddison [8] of the Drupal Security Team


[1] https://www.drupal.org/project/fb_messenger_customer_chat_plugin
[2] https://www.drupal.org/security-team/risk-levels
[3]
https://www.drupal.org/project/fb_messenger_customer_chat_plugin/releases/7.x-1.1
[4] https://www.drupal.org/project/fb_messenger_customer_chat_plugin
[5] https://www.drupal.org/user/854220
[6] https://www.drupal.org/user/854220
[7] https://www.drupal.org/user/102818
[8] https://www.drupal.org/user/36762

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news