The AltaGrade Blog

Drupal Commerce - Moderately critical - Access bypass - SA-CONTRIB-2020-020

Nick Onom's picture

Nick

 Marketing Project Manager

May 27, 2020
Add comment

Drupal Commerce - Moderately critical - Access bypass - SA-CONTRIB-2020-020

Project: Drupal Commerce
Date: 2020-May-27
Security risk: Moderately critical 12∕25 
Vulnerability: Access bypass

Description

Drupal Commerce is used to build eCommerce websites and applications. It's possible to configure commerce to permit orders by anonymous users. In this configuration, customers who do not choose to create an account upon checkout completion remain anonymous, and the resulting orders are never assigned an owner.

Read More

Drupal 7 core - Moderately critical - Open Redirect - SA-CORE-2020-003

Nick Onom's picture

Nick

 Marketing Project Manager

May 20, 2020
Add comment

Drupal 7 core - Moderately critical - Open Redirect - SA-CORE-2020-003

Project: Drupal core
Date: 2020-May-20
Security risk: Moderately critical 10∕25 
Vulnerability: Open Redirect

Description

Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL.

The vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto() function.

Read More

reCAPTCHA v3 - Critical - Access bypass - SA-CONTRIB-2020-019

Nick Onom's picture

Nick

 Marketing Project Manager

May 13, 2020
Add comment

reCAPTCHA v3 - Critical - Access bypass - SA-CONTRIB-2020-019

Project: reCAPTCHA v3
Date: 2020-May-13
Security risk: Critical 18∕25 
Vulnerability: Access bypass

Description

The reCaptcha v3 module enables you to protect your forms using the Google reCaptcha V3.

If the reCaptcha v3 challenge succeeds, all the other form validations are bypassed. This makes it possible for attackers to submit invalid or incomplete forms.

Read More

Webform - Critical - Access bypass - SA-CONTRIB-2020-018

Nick Onom's picture

Nick

 Marketing Project Manager

May 13, 2020
Add comment

Webform - Critical - Access bypass - SA-CONTRIB-2020-018

Project: Webform
Date: 2020-May-13
Security risk: Critical 15∕25 
Vulnerability: Access bypass

Description

This webform module enables you to build a 'Term checkboxes' element.

The module doesn't sufficiently check term 'view' access when rendering 'Term checkboxes' elements. Unpublished terms will always appear in the 'Term checkboxes' element.

Read More

Drupal 8: Multiple critical and moderately critical security advisories for Webform module

Nick Onom's picture

Nick

 Marketing Project Manager

May 6, 2020
Add comment

Drupal 8: Multiple critical and moderately critical security advisories for Webform module

Drupal Security team has released multiple critical and moderately critical security advisories for Webform module today. This module enables you to build forms and surveys in Drupal.

Webform - Critical - Remote Code Execution - SA-CONTRIB-2020-011

Project: Webform
Date: 2020-May-06
Security risk: Critical 17∕25 
Vulnerability: Remote Code Execution
Read More

Spamicide - Critical - Access bypass - SA-CONTRIB-2020-009

Nick Onom's picture

Nick

 Marketing Project Manager

Apr 9, 2020
Add comment

Spamicide - Critical - Access bypass - SA-CONTRIB-2020-009

Project: Spamicide
Date: 2020-April-08
Security risk: Critical 18∕25 
Vulnerability: Access bypass

Description

The Spamicide module protects Drupal forms with a form field that is hidden from normal users, but visible to spam bots.

The module doesn't require appropriate permissions for administrative pages leading to an Access Bypass.

Solution

Install the latest version:

Read More

Pages