UI redressing (clickjacking) vulnerabilities found in Opigno group manager and Opigno Learning path
Opigno Learning path - Less critical - UI redressing (clickjacking) - SA-CONTRIB-2021-018
Project: Opigno Learning path
Date: 2021-June-23
Security risk: Less critical 9∕25
Vulnerability: UI redressing (clickjacking)
Description
This project is related to the Opigno LMS distribution. It implements the learning path, which combines the different steps of a training in Opigno LMS in a very flexible way.
The module does not set the X-Frame-Options header and blocks the ability of other modules (e.g. Security Kit) to add it, leaving it vulnerable to clickjacking.
Solution
Install the latest version:
If you use the Opigno learning path module for Drupal 8.x, upgrade to a version greater than 8.x-1.10: Opigno learning path 8.x-1.11 or later.
The issue was fixed in public but needed a security advisory. Users of the module are encouraged to upgrade to at least 8.x-1.11 or a later version to gain protection against this weakness.
Opigno group manager - Less critical - UI redressing (clickjacking) - SA-CONTRIB-2021-019
Project: Opigno group manager
Date: 2021-June-23
Security risk: Less critical 9∕25
Vulnerability: UI redressing (clickjacking)
Description
This project is related to the Opigno LMS distribution. It implements the group manager in the Opigno LMS.
The module does not set the X-Frame-Options header and blocks the ability of other modules (e.g. Security Kit) to add it, leaving it vulnerable to clickjacking.
Solution
Install the latest version:
If you use the Opigno group manager module for Drupal 8.x, upgrade to a version greater than 8.x-1.7: Opigno group manager 8.x-1.8 or later.
The issue was fixed in public but needed a security advisory. Users of the module are encouraged to upgrade to at least 8.x-1.8 or a later version to gain protection against this weakness.
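One way to confirm after upgrading that pages served by either module carry anti-framing protection is to audit the response headers. The script below is an added example, not code from Opigno, Drupal or these advisories; the function names and the sample responses are constructed for illustration. It goes slightly beyond the advisories by also accepting a Content-Security-Policy frame-ancestors directive as protection.

```python
# Added example (not Opigno or Drupal code): audit a response for anti-framing headers.

def parse_headers(raw):
    """Parse raw response headers into {lowercased name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines():
        if ":" not in line:
            continue  # status line or malformed line
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def frame_ancestors(headers):
    """Return the frame-ancestors source list from a CSP header, or None if absent."""
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return [p.lower() for p in parts[1:]]
    return None

def framing_verdict(raw):
    """Classify a response as protected, weak or unprotected against framing."""
    headers = parse_headers(raw)
    sources = frame_ancestors(headers)
    if sources is not None:
        # Browsers that support frame-ancestors enforce it instead of X-Frame-Options.
        if any(s in ("*", "http:", "https:") for s in sources):
            return "weak: frame-ancestors allows any origin"
        return "protected: frame-ancestors"
    values = {v.strip().upper() for h in headers.get("x-frame-options", [])
              for v in h.split(",")}
    if not values:
        return "unprotected: no X-Frame-Options or frame-ancestors"
    if values in ({"DENY"}, {"SAMEORIGIN"}):
        return "protected: X-Frame-Options " + values.pop()
    return "weak: X-Frame-Options is not a single DENY or SAMEORIGIN"

# Constructed sample responses (not captured from a real Opigno site).
SAMPLES = {
    "no header": "HTTP/1.1 200 OK\nContent-Type: text/html",
    "sameorigin": "HTTP/1.1 200 OK\nX-Frame-Options: SAMEORIGIN",
    "csp": "HTTP/1.1 200 OK\nContent-Security-Policy: default-src 'self'; frame-ancestors 'self'",
    "allow-from": "HTTP/1.1 200 OK\nX-Frame-Options: ALLOW-FROM https://example.com",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:12} -> {framing_verdict(raw)}")
```

Feed it the headers of learning path and group manager pages from your own site; an "unprotected" verdict on a patched installation points to another component stripping the header.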