
it-securitynotifies - [IT-SecNots] [Security-news] Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029

it-securitynotifies AT lists.piratenpartei.de

  • From: security-news AT drupal.org
  • To: security-news AT drupal.org
  • Subject: [IT-SecNots] [Security-news] Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029
  • Date: Wed, 7 Aug 2024 17:52:57 +0000 (UTC)
  • Dkim-filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 481584099A
  • Dkim-filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org CA9B181355
  • List-archive: <http://lists.drupal.org/pipermail/security-news/>
  • List-id: <security-news.drupal.org>

View online: https://www.drupal.org/sa-contrib-2024-029

Project: Opigno Learning path [1]
Date: 2024-August-07
Security risk: *Critical* 16∕25
AC:Complex/A:User/CI:All/II:All/E:Theoretical/TD:Default [2]
Vulnerability: Arbitrary PHP code execution

Affected versions: <3.1.2
Description: 
The Opigno Learning Path module enables you to manage group content.

Administrative forms allow uploading malicious files which may contain
arbitrary code (RCE) or cross-site scripting (XSS). These forms were not
adequately controlled with permissions that communicate the severity of the
permission.

This vulnerability is mitigated by the fact that an attacker must have a role
with the permission "Manage group content in any group".

Solution: 
Install the latest version:

* If you use the /opigno_learning_path module/, upgrade it to
/opigno_learning_path/ >= 3.1.2 [3]

Reported By: 
* Marcin Grabias [4]
* catch [5] of the Drupal Security Team

Fixed By: 
* Axel Minck [6]
* Yuriy Korzhov [7]
* Andrii Aleksandrov [8]
* Yurii Boichenko [9]

Coordinated By: 
* Greg Knaddison [10] of the Drupal Security Team


[1] https://www.drupal.org/project/opigno_learning_path
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/opigno_learning_path/releases/3.1.2
[4] https://www.drupal.org/user/1599440
[5] https://www.drupal.org/user/35733
[6] https://www.drupal.org/user/1065700
[7] https://www.drupal.org/user/3477971
[8] https://www.drupal.org/user/3368060
[9] https://www.drupal.org/user/624860
[10] https://www.drupal.org/user/36762

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news
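
A check a site maintainer could run against the fixed version named in the advisory, as an added example (not part of the advisory or of Drupal's tooling): it reads a `composer.lock` and reports whether opigno_learning_path is below 3.1.2. The Composer package name `drupal/opigno_learning_path`, the constructed sample lock file and the function names are assumptions; pre-releases of 3.1.2 are conservatively treated as affected.

```python
import json
import re

PACKAGE = "drupal/opigno_learning_path"  # assumed Composer name (drupal/<project>)
FIXED = (3, 1, 2)                         # first fixed release per SA-CONTRIB-2024-029


def parse_version(raw):
    """Return (major, minor, patch, is_prerelease), or None for dev/branch builds."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z0-9.]+))?", raw.strip())
    if not m:
        return None  # e.g. "3.x-dev" or "dev-3.x": cannot be ordered against 3.1.2
    return (int(m[1]), int(m[2]), int(m[3]), m[4] is not None)


def assess(lock_text):
    """Classify a composer.lock: 'not-installed', 'affected', 'fixed' or 'unknown'."""
    lock = json.loads(lock_text)
    packages = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    for pkg in packages:
        if pkg.get("name", "").lower() != PACKAGE:
            continue
        parsed = parse_version(pkg.get("version", ""))
        if parsed is None:
            return "unknown"  # dev checkout: review the installed commit by hand
        release, prerelease = parsed[:3], parsed[3]
        # A pre-release such as 3.1.2-rc1 sorts before 3.1.2, so count it as affected.
        if release < FIXED or (release == FIXED and prerelease):
            return "affected"
        return "fixed"
    return "not-installed"


# Constructed sample input, not taken from a real site.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "drupal/core", "version": "10.3.1"},
        {"name": "drupal/opigno_learning_path", "version": "3.1.1"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(PACKAGE, "->", assess(SAMPLE_LOCK))
```

An "affected" or "unknown" result is the cue to upgrade and to review which roles hold the "Manage group content in any group" permission.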

