The following are summaries of several Drupal security advisories, covering Drupal core and the contributed miniOrange SAML SP module.

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API. The core REST and contributed GraphQL modules are not affected.

The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.

Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules contain an authentication and authorization bypass vulnerability. An attacker with access to an HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signature, impersonating existing users and existing roles, including administrative users/roles. This vulnerability is not mitigated by configuring the module to enforce signatures or certificate checks. The vulnerability is present in paid versions of the miniOrange Drupal SAML SP product affecting Drupal 7, 8, and 9. Xecurify recommends updating miniOrange modules to their most recent versions.

Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.

Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work correctly together.
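The private-file download issue above comes down to one check: the path a download endpoint finally opens must still be inside the private directory. The following is an added example, not Drupal's file download code, of that containment check. The directory layout, file names and the symlink it tests against are constructed in a temporary directory; nothing here reflects the specific situations the advisory refers to.

```python
"""Containment check for a private-files download endpoint.

Added illustration (not Drupal's file download code): before serving a
file from a private directory, resolve the final on-disk path after
percent-decoding, '..' collapsing and symlink resolution, and refuse it
unless it is still inside the private root. The layout below is constructed.
"""
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict, Optional
from urllib.parse import unquote


def resolve_private_file(private_root: str, requested: str) -> Optional[Path]:
    """Return the real path for `requested` if it stays inside `private_root`, else None."""
    root = Path(private_root).resolve()
    # Decode until stable so a doubly encoded '..' (%252e%252e) is seen as '..'.
    rel = requested
    while "%" in rel:
        decoded = unquote(rel)
        if decoded == rel:
            break
        rel = decoded
    # Embedded NUL bytes and absolute paths are never legitimate here.
    if "\x00" in rel or rel.startswith(("/", "\\")):
        return None
    candidate = (root / rel).resolve()      # collapses '..' and follows symlinks
    try:
        candidate.relative_to(root)         # ValueError if the real path escaped the root
    except ValueError:
        return None
    return candidate if candidate.is_file() else None


def demo() -> Dict[str, bool]:
    """Build the constructed layout, try a set of requests, report which were served."""
    base = Path(tempfile.mkdtemp())
    try:
        private = base / "private"
        private.mkdir()
        (private / "report.pdf").write_bytes(b"%PDF-1.4 constructed sample")
        (base / "settings.php").write_text("<?php // constructed file outside the private root\n")
        try:
            os.symlink(base / "settings.php", private / "link.php")   # symlink pointing outside
        except OSError:
            pass   # no symlink support: that request then simply does not exist
        requests = [
            "report.pdf",                 # legitimate
            "sub/../report.pdf",          # traversal that stays inside the root
            "../settings.php",            # plain traversal
            "%2e%2e/settings.php",        # encoded traversal
            "%252e%252e/settings.php",    # double-encoded traversal
            "link.php",                   # symlink escaping the root
            "report.pdf%00.jpg",          # NUL-byte truncation attempt
        ]
        return {r: resolve_private_file(str(private), r) is not None for r in requests}
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for req, served in demo().items():
        print(f"{'served ' if served else 'refused'}  {req}")
```

The check is deliberately done on the resolved path rather than on the request string: rejecting the literal `..` is not enough once encoding, normalisation or a symlink inside the private directory can produce a different final path.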
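The signature-stripping bypass described for the miniOrange SAML SP modules, as an added example that is not the module's code: a verifier that only checks a signature when one is present fails open, and an "enforce signature" setting that lives inside that branch cannot help. Real XML-DSig is replaced here by an HMAC-SHA256 stand-in over the assertion serialised without its Signature element, so the control flow is visible without a canonicalisation library. The SAML 2.0 and XML-DSig namespaces are the standard ones; the key, user names and roles are constructed.

```python
"""Fail-open versus fail-closed signature handling in a SAML service provider.

Added example (not the miniOrange module's code). XML-DSig is replaced by a
stand-in: HMAC-SHA256 over the assertion serialised with its Signature
element removed. The point is the bug pattern, not the signature scheme.
"""
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET   # a real SP should parse untrusted XML with defusedxml
from typing import List, Optional

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"saml": SAML, "ds": DS}
ET.register_namespace("saml", SAML)
ET.register_namespace("ds", DS)

IDP_KEY = b"constructed-idp-key"   # stand-in for the IdP's signing certificate


def _signed_bytes(assertion: ET.Element) -> bytes:
    """Serialise the assertion with any Signature removed (stand-in for the
    enveloped-signature transform; no XML canonicalisation is done here)."""
    clean = copy.deepcopy(assertion)
    for sig in clean.findall("ds:Signature", NS):
        clean.remove(sig)
    return ET.tostring(clean, encoding="utf-8")


def _mac(assertion: ET.Element) -> str:
    return hmac.new(IDP_KEY, _signed_bytes(assertion), hashlib.sha256).hexdigest()


def idp_response(name_id: str, roles: List[str]) -> str:
    """What the constructed IdP issues: an assertion carrying a Signature over itself."""
    a = ET.Element(f"{{{SAML}}}Assertion")
    ET.SubElement(ET.SubElement(a, f"{{{SAML}}}Subject"), f"{{{SAML}}}NameID").text = name_id
    attr = ET.SubElement(ET.SubElement(a, f"{{{SAML}}}AttributeStatement"),
                         f"{{{SAML}}}Attribute", Name="roles")
    for role in roles:
        ET.SubElement(attr, f"{{{SAML}}}AttributeValue").text = role
    sig = ET.SubElement(a, f"{{{DS}}}Signature")
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = _mac(a)
    return ET.tostring(a, encoding="unicode")


def intercept(response_xml: str, name_id: str, roles: List[str], drop_signature: bool) -> str:
    """The attacker's proxy step: rewrite subject and roles, optionally delete the Signature."""
    a = ET.fromstring(response_xml)
    a.find("saml:Subject/saml:NameID", NS).text = name_id
    attr = a.find(".//saml:Attribute[@Name='roles']", NS)
    for old in list(attr):
        attr.remove(old)
    for role in roles:
        ET.SubElement(attr, f"{{{SAML}}}AttributeValue").text = role
    if drop_signature:
        for sig in a.findall("ds:Signature", NS):
            a.remove(sig)
    return ET.tostring(a, encoding="unicode")


def _identity(a: ET.Element) -> dict:
    return {"name_id": a.findtext("saml:Subject/saml:NameID", namespaces=NS),
            "roles": [v.text for v in
                      a.findall(".//saml:Attribute[@Name='roles']/saml:AttributeValue", NS)]}


def _signature_valid(a: ET.Element, sig: ET.Element) -> bool:
    presented = sig.findtext("ds:SignatureValue", default="", namespaces=NS)
    return hmac.compare_digest(presented, _mac(a))


def sp_login_vulnerable(response_xml: str, enforce_signature: bool = True) -> Optional[dict]:
    """Bug pattern: the signature, and the setting that enforces it, are only consulted
    when a Signature element exists, so an unsigned assertion is accepted as-is."""
    a = ET.fromstring(response_xml)
    sig = a.find("ds:Signature", NS)
    if sig is not None and enforce_signature and not _signature_valid(a, sig):
        return None
    return _identity(a)


def sp_login_hardened(response_xml: str) -> Optional[dict]:
    """Fail closed: a missing signature is treated exactly like an invalid one."""
    a = ET.fromstring(response_xml)
    sig = a.find("ds:Signature", NS)
    if sig is None or not _signature_valid(a, sig):
        return None
    return _identity(a)
```

With a legitimate signed response both verifiers log in `alice`; after the proxy rewrites the subject to `admin` and deletes the Signature, `sp_login_vulnerable` still returns an administrator identity while `sp_login_hardened` returns `None`. If the attacker keeps the (now stale) Signature, both reject the response, which is why the bypass depends on removal rather than forgery. A real SP additionally needs genuine XML-DSig verification against the configured IdP certificate and must confirm that the element the signature covers is the same one the identity is read from.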
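The last advisory above is about two upload protections that are each correct alone but not in combination. The following is an added example, not Drupal's own sanitiser, of the general hazard: it models protection (1) as "append .txt to a dangerous final extension" and protection (2) as "strip leading and trailing dots", shows how a single sequential pass of (1) then (2) can hand back a name (1) would have rejected, and then applies both until the name is stable and re-checks the invariant on the result. The extension list and the input filenames are constructed; the advisory does not detail the specific core interaction, and this example does not claim to reproduce it.

```python
"""Composing two upload-filename protections so neither undoes the other.

Added example (not Drupal's own sanitiser). Protection (1) appends '.txt'
to a dangerous final extension; protection (2) removes leading and trailing
dots. Run once in sequence, (2) can change the name (1) already judged.
The fixed version iterates to a fixed point and re-checks the invariant.
"""
from typing import Dict, Iterable, Tuple

DANGEROUS = {"php", "phar", "phtml", "php3", "php4", "php5", "pl", "py", "cgi"}   # constructed list


def munge_extension(name: str) -> str:
    """Protection 1: neutralise a dangerous *final* extension by appending '.txt'."""
    _, dot, ext = name.rpartition(".")
    return name + ".txt" if dot and ext.lower() in DANGEROUS else name


def strip_dots(name: str) -> str:
    """Protection 2: no leading dot (.htaccess-style names) and no trailing dot."""
    return name.strip(".")


def is_safe(name: str) -> bool:
    """The invariant both protections exist to guarantee on the stored name."""
    _, dot, ext = name.rpartition(".")
    return (bool(name)
            and not name.startswith(".")
            and not name.endswith(".")
            and not (dot and ext.lower() in DANGEROUS))


def sanitize_naive(name: str) -> str:
    """One pass of each protection, (1) then (2). 'shell.php.' passes (1) because its
    final extension is empty, and (2) then strips the dot, leaving 'shell.php'."""
    return strip_dots(munge_extension(name))


def sanitize_fixed(name: str) -> str:
    """Iterate until stable, then verify the invariant instead of trusting the pipeline."""
    for _ in range(8):   # converges in a few passes; bounded anyway
        new = strip_dots(munge_extension(name))
        if new == name:
            break
        name = new
    if not is_safe(name):
        raise ValueError(f"unable to sanitise filename {name!r}")
    return name


def compare(names: Iterable[str]) -> Dict[str, Tuple[str, bool, str]]:
    """For each constructed input: (naive result, naive result safe?, fixed result)."""
    return {n: (sanitize_naive(n), is_safe(sanitize_naive(n)), sanitize_fixed(n)) for n in names}


if __name__ == "__main__":
    for name, (naive, safe, fixed) in compare(["shell.php.", ".htaccess", "report.pdf"]).items():
        print(f"{name!r:16} naive={naive!r:18} safe={safe!s:5} fixed={fixed!r}")
```

The lesson is independent of these two particular rules: whenever a filter's decision depends on the exact string and a later filter rewrites that string, either re-run the earlier filter on the rewritten value or validate the final value against the property you care about.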