it-securitynotifies - [IT-SecNots] [Security-news] File Chooser Field - Moderately critical - Server Side Request Forgery, Information Disclosure - SA-CONTRIB-2023-015

it-securitynotifies AT lists.piratenpartei.de

Subject: Security announcements


  • From: security-news AT drupal.org
  • To: security-news AT drupal.org
  • Subject: [IT-SecNots] [Security-news] File Chooser Field - Moderately critical - Server Side Request Forgery, Information Disclosure - SA-CONTRIB-2023-015
  • Date: Wed, 17 May 2023 17:26:54 +0000 (UTC)
  • List-archive: <http://lists.drupal.org/pipermail/security-news/>
  • List-id: <security-news.drupal.org>

View online: https://www.drupal.org/sa-contrib-2023-015

Project: File Chooser Field [1]
Date: 2023-May-17
Security risk: *Moderately critical* 14/25
AC:Basic/A:User/CI:Some/II:None/E:Exploit/TD:All [2]
Vulnerability: Server Side Request Forgery, Information Disclosure

Description: 
The File Chooser Field allows users to upload files using 3rd party plugins
such as Google Drive and Dropbox.

This module fails to validate user input sufficiently, which could under
certain circumstances lead to a Server Side Request Forgery (SSRF)
vulnerability resulting in Information Disclosure. In uncommon configurations
and scenarios, it might lead to Remote Code Execution.
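As an added illustration (not the module's code and not the fix shipped in 7.x-1.13), this is the kind of server-side check a file fetcher needs before following a user-supplied provider URL: an allowlist of provider hosts, https only, no userinfo or IP-literal hosts, and a resolved-address check so the request cannot reach loopback, private or link-local ranges. The provider hostnames and the injected resolver are assumptions.

```python
"""Allowlist-based SSRF check for a user-supplied file-provider URL.

Constructed illustration, not the File Chooser Field module's own code.
The provider host list and the `resolve` callback are assumptions.
"""
import ipaddress
from urllib.parse import urlsplit

# Assumed provider hosts; a real deployment would load these from config.
ALLOWED_HOSTS = {"www.dropbox.com", "dl.dropboxusercontent.com", "drive.google.com"}


def check_provider_url(url, allowed_hosts=ALLOWED_HOSTS, resolve=None):
    """Return (True, "ok") if the URL may be fetched server-side, else (False, reason).

    `resolve(host)` returns the list of IP strings the host resolves to. It is
    injected so the check runs offline and so the caller can connect to the
    same addresses it validated (a defence against DNS rebinding).
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "scheme must be https"
    # "https://www.dropbox.com@127.0.0.1/" parses with the allowlisted name as
    # userinfo and the attacker-chosen host as the real target: reject outright.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL"
    host = (parts.hostname or "").lower()
    if not host:
        return False, "missing host"
    try:
        ipaddress.ip_address(host)      # bare IPv4/IPv6 literal as host
        return False, "IP literal host"
    except ValueError:
        pass
    if host not in allowed_hosts:
        return False, "host not allowlisted"
    try:
        port = parts.port
    except ValueError:
        return False, "invalid port"
    if port not in (None, 443):
        return False, "non-standard port"
    addrs = resolve(host) if resolve else []
    if not addrs:
        return False, "host did not resolve"
    for a in addrs:
        # is_global is False for loopback, RFC 1918, link-local (incl. the
        # 169.254.169.254 cloud metadata address) and other reserved ranges.
        if not ipaddress.ip_address(a).is_global:
            return False, "resolves to non-public address %s" % a
    return True, "ok"
```

Validating the URL alone is not enough: the fetcher must also refuse to follow redirects to hosts that fail the same check, or re-run the check on every redirect target.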

Solution: 
* If you use File Chooser Field version 7.x-1.x, upgrade to 7.x-1.13 [3]

Reported By: 
* Drew Webber [4] of the Drupal Security Team
* George Hazlewood [5]

Fixed By: 
* Drew Webber [6] of the Drupal Security Team
* aaron.ferris [7]

Coordinated By: 
* Greg Knaddison [8] of the Drupal Security Team


[1] https://www.drupal.org/project/file_chooser_field
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/file_chooser_field/releases/7.x-1.13
[4] https://www.drupal.org/user/255969
[5] https://www.drupal.org/user/2314
[6] https://www.drupal.org/user/255969
[7] https://www.drupal.org/user/1338234
[8] https://www.drupal.org/user/36762

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news


  • [IT-SecNots] [Security-news] File Chooser Field - Moderately critical - Server Side Request Forgery, Information Disclosure - SA-CONTRIB-2023-015, security-news, 17.05.2023

Archive provided by MHonArc 2.6.24.
