The AltaGrade Blog

SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-006

Nick Onom's picture

Nick

 Marketing Project Manager

Mar 12, 2020
Add comment

SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-006

Project: SAML Service Provider
Date: 2020-March-11
Security risk: Critical 15∕25
Vulnerability: Access bypass

Description

This module enables you to authenticate Drupal users using an external SAML Identity Provider.

If the site is configured to allow visitors to register for user accounts but administrator approval is required, the module doesn't sufficiently enforce the administrative approval requirement, in the case where the requesting user has already authenticated through SAML.

Read More

Profile - Moderately critical - Access Bypass - SA-CONTRIB-2020-004

Nick Onom's picture

Nick

 Marketing Project Manager

Feb 19, 2020
Add comment

Profile - Moderately critical - Access Bypass - SA-CONTRIB-2020-004

Project: Profile
Date: 2020-February-19
Security risk: Moderately critical 14∕25
Vulnerability: Access Bypass

Description

The Profile module enables you to allow users to have configurable user profiles.

The module doesn't sufficiently check access when creating a user profile. Users with the "create profiles" permission could create profiles for any users.

Solution

Install the latest version:

Read More

If not Drupal 8/9 then Backdrop - Upgrade your Drupal 7 website with AltaGrade!

Nick Onom's picture

Nick

 Marketing Project Manager

Jan 20, 2020
4 comments

If not Drupal 8/9 then definitely Backdrop!

Since its official release on January 5, 2011 for many years Drupal 7 had been the content management system of choice for the majority of the web-projects hosted on AltaGrade platform. However, the picture has been gradually changing after Drupal 7's end-of-life was announced to take place sometime in November 2021 with growing number of Drupal 8, Wordpress, Backdrop or other types of websites coming instead.

Read More

WordPress 5.3.1 Security and Maintenance Release

Nick Onom's picture

Nick

 Marketing Project Manager

Dec 13, 2019
Add comment

WordPress 5.3.1 Security and Maintenance Release

WordPress 5.3.1 is now available! This security and maintenance release features 46 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.

WordPress 5.3.1 is a short-cycle maintenance release. The next major release will be version 5.4.

You can download WordPress 5.3.1 by clicking this link, or visit your WordPress website's Dashboard → Updates and click Update Now.

Read More

Webform - Critical - Multiple vulnerabilities - SA-CONTRIB-2019-096

Nick Onom's picture

Nick

 Marketing Project Manager

Dec 11, 2019
Add comment

Webform - Critical - Multiple vulnerabilities - SA-CONTRIB-2019-096

Webform - Critical - Multiple vulnerabilities - SA-CONTRIB-2019-096
Project: Webform
Versions: 7.x-4.x, 7.x-3.x
Date: 2019-December-11
Security risk: Critical 15∕25 
Vulnerability: Multiple vulnerabilities

Description

This module enables you to create forms to collect information from users and report, analyze and distribute it by email.

Read More

Security advisories for multiple Drupal 8 contributed modules: Smart Trim, Modal Page, Taxonomy access fix, Permissions by Term

Nick Onom's picture

Nick

 Marketing Project Manager

Dec 11, 2019
Add comment

Security advisories for multiple Drupal 8 contributed modules: Smart Trim, Modal Page, Taxonomy access fix, Permissions by Term

Project: Smart Trim
Version: 8.x-1.x
Date: 2019-December-11
Security risk: Moderately critical 
Vulnerability: Cross site scripting

Description

The Smart Trim module allows site builders additional control with text summary fields.

The module doesn't sufficiently filter text when certain options are selected.

This vulnerability is mitigated by the fact that an attacker must have a role with the ability to create content on the site when certain options are selected for the trimmed output.

Read More

WordPress 5.3 “Kirk” is released

Nick Onom's picture

Nick

 Marketing Project Manager

Nov 12, 2019
Add comment

WordPress 5.3 “Kirk” is released

WordPress 5.3 with the improved block editor, named “Kirk” in honour of jazz multi-instrumentalist Rahsaan Roland Kirk, has been released today and is available for download or update in your dashboard.

5.3 expands and refines the block editor with more intuitive interactions and improved accessibility. New features in the editor increase design freedoms, provide additional layout options and style variations to allow designers more control over the look of a site.

Read More

WordPress 5.2.4 security release has been announced

Nick Onom's picture

Nick

 Marketing Project Manager

Oct 15, 2019
Add comment

WordPress 5.2.4 security release has been announced

WordPress 5.2.4 is now available! This security release fixes 6 security issues.

WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2.

The following security vulnerabilities have been detected and addressed in this release:

Read More

Pages