[IT-SecNots] [Security-news] SafeDelete - Moderately critical - Access bypass - SA-CONTRIB-2023-039

[security-news AT drupal.org]

View online: https://www.drupal.org/sa-contrib-2023-039

Project: SafeDelete [1]
Version: 
1.0.431.0.421.0.411.0.401.0.391.0.381.0.361.0.351.0.341.0.331.0.321.0.311.0.301.0.291.0.281.0.271.0.261.0.251.0.241.0.231.0.221.0.211.0.201.0.191.0.181.0.171.0.161.0.151.0.141.0.131.0.121.0.111.0.101.0.91.0.81.0.71.0.51.0.41.0.31.0.21.0.11.0.0
Date: 2023-August-23
Security risk: *Moderately critical* 13∕25
AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All [2]
Vulnerability: Access bypass

Affected versions: <1.0.44
Description: 
This module aims to prevent broken content references by informing content
editors either on delete or archive moderation.

The module provides an "orphaned content" report for broken references, which
may reveal titles of unpublished content.

Solution: 
Install the latest version:

  * If you use the SafeDelete module for Drupal 8/9 or 10, please upgrade to
    SafeDelete 1.0.44 [3]

Reported By: 
  * Christopher Hopper [4]

Fixed By: 
  * Joseph Olstad [5]
  * Cathy Theys [6] of the Drupal Security Team
  * James Yao [7]
  * Christopher Hopper [8]

Coordinated By: 
  * Cathy Theys [9] of the Drupal Security Team
  * Damien McKenna [10] of the Drupal Security Team
  * Greg Knaddison [11] of the Drupal Security Team


[1] https://www.drupal.org/project/safedelete
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/safedelete/releases/1.0.44
[4] https://www.drupal.org/user/116649
[5] https://www.drupal.org/user/1321830
[6] https://www.drupal.org/user/258568
[7] https://www.drupal.org/user/3644558
[8] https://www.drupal.org/user/116649
[9] https://www.drupal.org/user/258568
[10] https://www.drupal.org/user/108450
[11] https://www.drupal.org/user/36762

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news