Blogroll: Drupal Contrib Security

I read blogs, as well as write one. The 'blogroll' on this site reproduces some posts from some of the people I enjoy reading. There are currently 18 posts from the blog 'Drupal Contrib Security.'

Disclaimer: Reproducing an article here need not necessarily imply agreement or endorsement!

Subscribe to Drupal Contrib Security feed
Updated: 1 hour 24 min ago

Floating Button Menu - Critical - Unsupported - SA-CONTRIB-2019-091

Wed, 13/11/2019 - 18:11
Project: Floating Button MenuDate: 2019-November-13Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:AllVulnerability: UnsupportedDescription: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Categories: Technology

Webform Multiple File Upload - Critical - Unsupported - SA-CONTRIB-2019-090

Wed, 13/11/2019 - 18:10
Project: Webform Multiple File UploadDate: 2019-November-13Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:AllVulnerability: UnsupportedDescription: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Categories: Technology

Commerce Ingenico - Critical - Unsupported - SA-CONTRIB-2019-089

Wed, 13/11/2019 - 18:10
Project: Commerce IngenicoDate: 2019-November-13Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:AllVulnerability: UnsupportedDescription: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Categories: Technology

SendinBlue - Critical - Unsupported - SA-CONTRIB-2019-088

Wed, 13/11/2019 - 18:09
Project: SendinBlueDate: 2019-November-13Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:AllVulnerability: UnsupportedDescription: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Categories: Technology

Make Meeting Scheduler - Critical - Unsupported - SA-CONTRIB-2019-087

Wed, 13/11/2019 - 18:09
Project: Make Meeting SchedulerDate: 2019-November-13Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:AllVulnerability: UnsupportedDescription: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Categories: Technology

Webform Report - Critical - Unsupported - SA-CONTRIB-2019-086

Wed, 13/11/2019 - 18:08
Project: Webform ReportDate: 2019-November-13Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:AllVulnerability: UnsupportedDescription: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Categories: Technology

Nodequeue - Critical - Unsupported - SA-CONTRIB-2019-085

Wed, 13/11/2019 - 18:07
Project: NodequeueDate: 2019-November-13Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:AllVulnerability: UnsupportedDescription: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Categories: Technology

Taxonomy CSV import/export - Critical - Unsupported - SA-CONTRIB-2019-084

Wed, 13/11/2019 - 18:06
Project: Taxonomy CSV import/exportDate: 2019-November-13Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:AllVulnerability: UnsupportedDescription: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Categories: Technology

Feeds JSONPath Parser - Critical - Unsupported - SA-CONTRIB-2019-083

Wed, 13/11/2019 - 18:06
Project: Feeds JSONPath ParserDate: 2019-November-13Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:AllVulnerability: UnsupportedDescription: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Categories: Technology

Field Slideshow - Critical - Unsupported - SA-CONTRIB-2019-082

Wed, 13/11/2019 - 18:05
Project: Field SlideshowDate: 2019-November-13Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:AllVulnerability: UnsupportedDescription: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Categories: Technology

Bugsnag - Critical - Unsupported - SA-CONTRIB-2019-081

Wed, 13/11/2019 - 18:04
Project: BugsnagDate: 2019-November-13Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:AllVulnerability: UnsupportedDescription: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Categories: Technology

Noggin - Critical - Unsupported - SA-CONTRIB-2019-080

Wed, 13/11/2019 - 18:04
Project: NogginDate: 2019-November-13Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:AllVulnerability: UnsupportedDescription: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Categories: Technology

Bypass Form Validations - Critical - Unsupported - SA-CONTRIB-2019-079

Wed, 13/11/2019 - 18:03
Project: Bypass Form ValidationsDate: 2019-November-13Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:AllVulnerability: UnsupportedDescription: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Categories: Technology

Nexus Theme - Critical - Unsupported - SA-CONTRIB-2019-078

Wed, 13/11/2019 - 18:02
Project: Nexus ThemeDate: 2019-November-13Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:AllVulnerability: UnsupportedDescription: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Categories: Technology

Frequently Asked Questions - Critical - Unsupported - SA-CONTRIB-2019-077

Wed, 13/11/2019 - 18:00
Project: Frequently Asked QuestionsDate: 2019-November-13Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:AllVulnerability: UnsupportedDescription: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Categories: Technology

Administration Views - Critical - Unsupported - SA-CONTRIB-2019-076

Wed, 13/11/2019 - 15:10
Project: Administration ViewsDate: 2019-November-13Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:AllVulnerability: UnsupportedDescription: 

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported

Solution: 

If you use this project, you should uninstall it. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.

Categories: Technology

Open Social - Critical - Insecure Session Management - SA-CONTRIB-2019-075

Wed, 06/11/2019 - 16:10
Project: Open SocialDate: 2019-November-06Security risk: Critical 15∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Insecure Session ManagementDescription: 

Open Social is a Drupal distribution for online communities. The included social_magic_login module doesn't sufficiently validate magic login URLs for user accounts that do not have a local password, but login via external systems. The lack of validation makes it possible for an adversary to forge valid login URLs and login to such an account.

This vulnerability is mitigated by the fact the module social_magic_login needs to be enabled.

Solution: 

Install the latest version:

Alternatively, disable the module social_magic_login.

Also see the Open Social project page.

Reported By: 
  • Heine of the Drupal Security Team
Fixed By: Coordinated By: 
  • Heine of the Drupal Security Team
Categories: Technology

Booking and Availability Management Tools for Drupal - Moderately critical - Access Bypass - SA-CONTRIB-2019-074

Wed, 16/10/2019 - 17:09
Project: Booking and Availability Management Tools for DrupalDate: 2019-October-16Security risk: Moderately critical 11∕25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access BypassDescription: 

The Bat module provides a foundation through which a wide range of availability management, reservation and booking use cases can be addressed.

The routes used to view events don't sufficiently guard access for non-privileged users. Specifically, a user with the 'View own' permission for bat events can view others' events as well.

Solution: 

Install the latest version:

  • If you use the bat module for Drupal 8.x, upgrade to bat 8.x-1.2

Also see the Booking and Availability Management Tools for Drupal project page.

Reported By: Fixed By: Coordinated By: 
Categories: Technology
Additional Terms