1940 matches found
Protected Pages - Critical - Access bypass - SA-CONTRIB-2023-013
This module enables you to secure any page with a password. The module does not sufficiently restrict access to the page content...
Xray Audit - Moderately critical - Cross site scripting - SA-CONTRIB-2023-012
This module is a tool for developers, analysts, and administrators that allows them to generate reports on a given Drupal installation. The module does not sufficiently sanitize some data presented in its reports. This vulnerability is mitigated by the fact that an attacker must have a role with...
Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-003
The language module provides a Language switcher block which can be placed to provide links to quickly switch between different languages. The URL of unpublished translations may be disclosed. When used in conjunction with a module like Pathauto, this may reveal the title of unpublished content...
Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-002
The Media module does not properly check entity access in some circumstances. This may result in users seeing thumbnails of media items they do not have access to, including for private files. This release was coordinated with SA-CONTRIB-2023-010. This advisory is not covered by Drupal Steward...
Responsive media Image Formatter - Critical - Unsupported - SA-CONTRIB-2023-011
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466procedure---own-project---unsupported...
Media Responsive Thumbnail - Moderately critical - Information disclosure - SA-CONTRIB-2023-010
The Media Responsive Thumbnail module allows media reference fields to be rendered as a responsive image. This module does not properly check entity access prior to rendering media. This may result in users seeing thumbnails of media items they do not have access to. This release was coordinated...
Drupal core - Moderately critical - Access bypass - SA-CORE-2023-004
Drupal core provides a page that outputs the markup from phpinfo to assist with diagnosing PHP configuration. If an attacker was able to achieve an XSS exploit against a privileged user, they may be able to use the phpinfo page to access sensitive information that could be used to escalate the...
Gutenberg - Less critical - Denial of Service - SA-CONTRIB-2023-009
This module provides a new UI experience for node editing - Gutenberg editor. This vulnerability can cause DoS by using reusable blocks improperly. This vulnerability is mitigated by the fact an attacker must have "use gutenberg" permission to exploit it...
Thunder - Moderately critical - Access bypass - SA-CONTRIB-2023-007
Thunder is a Drupal distribution for professional publishing. The thunder distribution ships the thundergqls module which provides a graphql interface. The module doesn't sufficiently check access when serving user data via graphql leading to an access bypass vulnerability potentially exposing...
Group control for forums - Critical - Access bypass - SA-CONTRIB-2023-008
This module enables you to associate Forums as Group 1.x content and use Group access permissions. Previous versions of the module incorrectly set node access on creation, and did not correctly restrict access to lists of forum topics...
Better Social Sharing Buttons - Less critical - Cross Site Scripting - SA-CONTRIB-2023-006
This module enables you to add social sharing buttons to a site. The module doesn't sufficiently sanitize the weight and ratio values entered in the module or block configuration. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer blocks"...
Apigee Edge - Moderately critical - Access bypass - SA-CONTRIB-2023-005
The Apigee Edge module allows connecting a Drupal site to Apigee X / Edge in order to build a developer portal. Previous module versions did not support entity query level access checking, which could have led to information disclosure or access bypass in various places...
Media Library Block - Moderately critical - Information Disclosure - SA-CONTRIB-2023-003
The Media Library Block module allows you to render a media entity in a block. The module does not properly check media access in some circumstances. This may result in unauthorized users including anonymous users seeing media items they are not authorized to access if a block containing a...
Media Library Form API Element - Moderately critical - Information Disclosure - SA-CONTRIB-2023-004
This module enables you to use the media library in custom forms without the Media Library Widget. The module does not properly check entity access in some circumstances. This may result in users with access to edit content seeing metadata about media items they are not authorized to access. The...
Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-001
The Media Library module does not properly check entity access in some circumstances. This may result in users with access to edit content seeing metadata about media items they are not authorized to access. The vulnerability is mitigated by the fact that the inaccessible media will only be visib...
Entity Browser - Moderately critical - Information Disclosure - SA-CONTRIB-2023-002
The Entity Browser module allows you to select entities from entity reference fields using a custom entity browser widget. Entity Browser does not properly check entity access in some circumstances. This may result in users with access to edit content seeing metadata about entities they are not...
Private Taxonomy Terms - Moderately critical - Access bypass - SA-CONTRIB-2023-001
This module enables users to create 'private' vocabularies. The module doesn't enforce permissions appropriately for the taxonomy overview page and overview form. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer own taxonomy" or "View...
H5P - Create and Share Rich Content and Applications - Moderately critical - Remote Code Execution - SA-CONTRIB-2022-064
This module enables you to create interactive content. The module doesn't sufficiently stop path traversal attacks through zipped filenames for the uploadable .h5p files. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "update h5p libraries". In...
File (Field) Paths - Moderately critical - Access bypass - SA-CONTRIB-2022-065
The File Field Paths module extends the default functionality of Drupal's core File module, by adding the ability to use entity-based tokens in destination paths and file names. The module's default configuration could temporarily expose private files to anonymous visitors. Important note: to fix...
Entity Registration - Moderately critical - Access bypass - SA-CONTRIB-2022-063
This module enables you to create registration entities related to nodes. The module doesn't sufficiently restrict update access to a user's own registrations. This vulnerability is mitigated by the fact that an attacker must have the "update own registration type" permission...
Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-061
Social Flexible Group is an Open Social extension that allows users to create groups with many different configurations. In specific uncommon scenarios, where a platform doesn't have any flexible groups with the "Group members only secret" visibility, community groups are visible to anonymous use...
Social Base - Moderately critical - Access bypass - SA-CONTRIB-2022-060
The Social Base theme is designed as a base theme for Open Social. This base theme holds has a lot of sensible defaults. It doesn't however contain much styling. We expect developers to want to change this for their own project. When content within the Open Social distribution is placed within a...
Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-062
Social Private Message module allows users on the platform to allow users to send private messages to each other. The module does not properly perform the correct access checks for certain operations...
Search API - Moderately critical - Information Disclosure - SA-CONTRIB-2022-059
This module enables you to build searches using a wide range of features, data sources and backends. The module doesn't in all cases correctly detect whether a given search is active on the current page, leading to potential information disclosure for some setups. This vulnerability is mitigated ...
Twig Field Value - Moderately critical - Access bypass - SA-CONTRIB-2022-058
This module enables themers to get partial data from field render arrays. It gives them more control over the output without drilling deep into the render array or using preprocess functions. The module doesn't sufficiently apply access restrictions when using the filters fieldlabel, fieldvalue,...
S3 File System - Moderately critical - Access bypass - SA-CONTRIB-2022-057
This module enables you to utilize S3-compatible storage as a Drupal filesystem. The module doesn't sufficiently prevent file access across multiple filesystem schemes stored in the same bucket. This vulnerability is mitigated by the fact that an attacker must obtain a method to access arbitrary...
Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2022-016
Drupal uses the Twig third-party library for content templating and sanitization. Twig has released a security update that affects Drupal. Twig has rated the vulnerability as high severity. Drupal core's code extending Twig has also been updated to mitigate a related vulnerability. Multiple...
Permissions by Term - Moderately critical - Access bypass - SA-CONTRIB-2022-055
This module enables you to restrict content via taxonomy terms and related permissions. The module doesn't sufficiently restrict cached content in certain circumstances. This vulnerability is mitigated by the fact that it only occurs when multiple entity types are enabled in the module...
Permissions by Term - Moderately critical - Access bypass - SA-CONTRIB-2022-056
This module enables you to set content permissions based on taxonomy terms. The module doesn't sufficiently restrict access to translated and unpublished nodes. This vulnerability is mitigated by the fact that it only affects sites with translated content...
Next.js - Moderately critical - Access bypass - SA-CONTRIB-2022-054
The Next.js module provides an inline preview for content. Authenticated requests are made to Drupal to fetch JSON:API content and render them in an iframe from the decoupled Next.js site. The current implementation doesn’t sufficiently check access for fetching data. All requests made to Drupal...
Commerce Elavon - Moderately critical - Access bypass - SA-CONTRIB-2022-053
This module enables you to accept payments from the Elavon payment provider. The module doesn't sufficiently verify that it's communicating with the correct server when using the Elavon On-site payment gateway, which could lead to leaking valid payment details as well as accepting invalid payment...
jQuery UI Checkboxradio - Moderately critical - Cross site scripting - SA-CONTRIB-2022-052
jQuery UI is a third-party library used by Drupal. The jQuery UI Checkboxradio module provides the jQuery UI Checkboxradio library which was previously in Drupal 8 core, but has since been removed from core and moved to this module. As part of the jQuery UI 1.13.2 update, the jQuery UI project...
Tagify - Moderately critical - Access bypass - SA-CONTRIB-2022-051
This module provides a widget to transform entity reference fields into a more user-friendly tags input component with a great performance. The module doesn't sufficiently check access for the add operation. Users with permission to edit content can view and reference unpublished terms. The edit...
PDF generator API - Moderately critical - Remote Code Execution - SA-CONTRIB-2022-050
This module enables you to generate PDF versions of content. Some installations of the module make use of the dompdf/dompdf third-party dependency. Security vulnerabilities exist for versions of dompdf/dompdf before 2.0.0 as described in the 2.0.0 release notes...
Context - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-049
This module enables you to conditionally display blocks in particular theme regions. The module doesn't sufficiently sanitize the title of a block as displayed in the admin UI when a site administrator edits a context block reaction. This vulnerability is mitigated by the fact that an attacker mu...
Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules...
Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2022-015
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities. This advisory is not covere...
Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However,...
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014
Updated 2022-07-20 19:45 UTC to indicate that this only affects Apache web servers. Drupal core sanitizes filenames with dangerous extensions upon upload reference: SA-CORE-2020-012 and strips leading and trailing dots from filenames to prevent uploading server configuration files reference:...
Entity Print - Moderately critical - Multiple: Remote Code Execution, Information disclosure - SA-CONTRIB-2022-048
This module enables you to generate print versions of content. Some installations of the module make use of the dompdf/dompdf third-party dependency. Security vulnerabilities exist for versions of dompdf/dompdf 2.0.0 See the library release notes for more detail:...
Lottiefiles Field - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-046
The Lottiefiles Field module enables you to integrate the lottiefiles features into your page. The module does not sufficiently filter user-provided text on output, resulting in a Cross-Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role...
Config Terms - Critical - Access bypass - SA-CONTRIB-2022-047
This module enables you to create and manage a version of taxonomy based on configuration entities instead of content. This allows the terms, vocabularies, and their structure to be exported, imported, and managed as site configuration. The module doesn't sufficiently check access for the edit an...
Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-011
Updated 22:00 UTC 2022-06-10: Added steps to update without drupal/core-recommended. Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released two security advisories: Failure to strip the Cookie header on change in host or HTTP...
Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-010
Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update which does not affect Drupal core, but may affect some contributed projects or custom code on Drupal sites. We are issuing this security advisory outside...
Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-043
Open Social is a Drupal distribution for online communities. Group entities created within Open Social did not sufficiently check entity access in group overviews, allowing users to see information in the overviews they should not have access to. Visiting the entity directly resulted in correct...
Embed - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2022-042
The Drupal Embed module provides a filter to allow embedding various embeddable items like entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed items. In some...
Apigee Edge - Moderately critical - Access bypass - SA-CONTRIB-2022-045
The Apigee Edge module allows connecting a Drupal site to Apigee X / Edge in order to build a developer portal. The developers user can view API keys for their respective Apps. The module discloses information by allowing attackers to view cached information of API Keys from the browser cache for...
Entity Browser Block - Moderately critical - Access bypass - SA-CONTRIB-2022-044
Entity Browser Block provides a Block Plugin for every Entity Browser on your site. The module didn't sufficiently check entity view access in the block form. This vulnerability is mitigated by the fact that an attacker must be able to place a block - either through the core "Block Layout" page o...
Wingsuit - Storybook for UI Patterns - Critical - Access bypass - SA-CONTRIB-2022-040
The Wingsuit module enables site builders to build UI Patterns and|or Twig Components with Storybook and use them without any mapping code in Drupal. The module doesn't have an access check for the admin form allowing an attacker to view and modify the Wingsuit configuration...
Quick Node Clone - Moderately critical - Access bypass - SA-CONTRIB-2022-038
The module adds a "Clone" tab to a node. When clicked, a new node is created and fields from the previous node are populated into the new fields. This module supports paragraphs, groups, and other referenced entities. The module has a vulnerability which allows attackers to bypass the protection ...