Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [Security-news] Modal Page - Moderately critical - Access bypass - SA-CONTRIB-2019-094

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [Security-news] Modal Page - Moderately critical - Access bypass - SA-CONTRIB-2019-094


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: security-news AT drupal.org
  • To: security-news AT drupal.org
  • Subject: [IT-SecNots] [Security-news] Modal Page - Moderately critical - Access bypass - SA-CONTRIB-2019-094
  • Date: Wed, 11 Dec 2019 20:04:21 +0000 (UTC)
  • List-archive: <http://lists.drupal.org/pipermail/security-news/>
  • List-id: <security-news.drupal.org>
View online: https://www.drupal.org/sa-contrib-2019-094

Project: Modal Page [1]
Version: 8.x-2.48.x-2.38.x-2.28.x-2.18.x-2.0
Date: 2019-December-11
Security risk: *Moderately critical* 10∕25
AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:Default [2]
Vulnerability: Access bypass

Description: 
This project enables administrators to create modal dialogs.

The routes used by the module lacked proper permissions, allowing untrusted
users to access, create and modify modal configurations.

Solution: 
* If you use the Modal Page module 8.x-2.x, upgrade to 8.x-2.5 [3]
* Review user permissions after updating to ensure only trusted users have
access to manage modals.

Reported By: 
* Will Mowlam [4]

Fixed By: 
* Renato Gonçalves H [5]
* Thalles Ferreira [6]

Coordinated By: 
* Damien McKenna [7] of the Drupal Security Team


[1] https://www.drupal.org/project/modal_page
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/modal_page/releases/8.x-2.5
[4] https://www.drupal.org/user/232558
[5] https://www.drupal.org/user/3326031
[6] https://www.drupal.org/user/3589086
[7] https://www.drupal.org/u/damienmckenna

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news

  • [IT-SecNots] [Security-news] Modal Page - Moderately critical - Access bypass - SA-CONTRIB-2019-094, security-news, 11.12.2019

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang