[IT-SecNots] [Security-news] Mailjet - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-062

[security-news AT drupal.org]

View online: https://www.drupal.org/sa-contrib-2024-062

Project: Mailjet [1]
Date: 2024-November-20
Security risk: *Moderately critical* 14 ∕ 25
AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:Uncommon [2]
Vulnerability: Arbitrary PHP code execution

Affected versions: <4.0.1
Description: 
This module for Drupal provides complete control of Email settings with
Drupal and Mailjet.

In certain cases the module doesn't securely pass data to PHP's unserialize()
function, which could result in Remote Code Execution via PHP Object
Injection.

This vulnerability is mitigated by the fact that an attack must operate with
the permission "administer mailjet module", however this could be the case if
this issue were combined with others in an "attack chain".

Solution: 
Install the latest version:

  * Upgrade to Mailjet 4.0.1 [3]
  * For Drupal 7.x, upgrade to Mailjet 7.x-2.23 [4]

Reported By: 
  * Drew Webber [5] of the Drupal Security Team

Fixed By: 
  * Drew Webber [6] of the Drupal Security Team
  * Bohdan Artemchuk [7]

Coordinated By: 
  * Drew Webber [8] of the Drupal Security Team


[1] https://www.drupal.org/project/mailjet
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/mailjet/releases/4.0.1
[4] https://www.drupal.org/project/mailjet/releases/7.x-2.23
[5] https://www.drupal.org/user/255969
[6] https://www.drupal.org/user/255969
[7] https://www.drupal.org/user/289861
[8] https://www.drupal.org/user/255969

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news