it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
[IT-SecNots] [Security-news] Drupal OAuth Server ( OAuth Provider) - Single Sign On ( SSO ) - Not critical - SQL Injection - SA-CONTRIB-2020-034
Chronologisch Thread
- From: security-news AT drupal.org
- To: security-news AT drupal.org
- Subject: [IT-SecNots] [Security-news] Drupal OAuth Server ( OAuth Provider) - Single Sign On ( SSO ) - Not critical - SQL Injection - SA-CONTRIB-2020-034
- Date: Wed, 14 Oct 2020 18:32:15 +0000 (UTC)
- List-archive: <http://lists.drupal.org/pipermail/security-news/>
- List-id: <security-news.drupal.org>
View online: https://www.drupal.org/sa-contrib-2020-034
Project: Drupal OAuth Server ( OAuth Provider) - Single Sign On ( SSO ) [1]
Date: 2020-October-14
Vulnerability: SQL Injection
Description:
This module enables you login into any OAuth 2.0 compliant application using
Drupal credentials.
The 8.x branch of the module is vulnerable to SQL injection.
Solution:
Install the latest version:
* If you use the Drupal OAuth Server module for Drupal 8.x, upgrade to
8.x-1.1 [2]
Reported By:
* Jakub Piasecki [3]
Fixed By:
* Gaurav Sood [4]
* Greg Knaddison [5] of the Drupal Security Team
* Samuel Mortenson [6] of the Drupal Security Team
Coordinated By:
* Michael Hess [7] of the Drupal Security Team
[1] https://www.drupal.org/project/oauth_server_sso
[2] https://www.drupal.org/project/oauth_server_sso/releases/8.x-1.1
[3] https://www.drupal.org/user/1532844
[4] https://www.drupal.org/user/3288491
[5] https://www.drupal.org/user/36762
[6] https://www.drupal.org/user/2582268
[7] https://www.drupal.org/u/mlhess
_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news
- [IT-SecNots] [Security-news] Drupal OAuth Server ( OAuth Provider) - Single Sign On ( SSO ) - Not critical - SQL Injection - SA-CONTRIB-2020-034, security-news, 14.10.2020
Archiv bereitgestellt durch MHonArc 2.6.19.