The AltaGrade Blog

Open Social - Critical - Insecure Session Management - SA-CONTRIB-2019-075

Alex Shaposhnik's picture

Alex

 Technical Support Specialist

Nov 6, 2019
Add comment

Open Social - Critical - Insecure Session Management - SA-CONTRIB-2019-075

Project: Open Social
Date: 2019-November-06
Security risk: Critical 15∕25
Vulnerability: Insecure Session Management

Description

Open Social is a Drupal distribution for online communities. The included social_magic_login module doesn't sufficiently validate magic login URLs for user accounts that do not have a local password, but login via external systems. The lack of validation makes it possible for an adversary to forge valid login URLs and login to such an account.

Read More

External Links Filter - Moderately critical - Open Redirect Vulnerability - SA-CONTRIB-2019-063

Alex Shaposhnik's picture

Alex

 Technical Support Specialist

Aug 15, 2019
Add comment

External Links Filter - Moderately critical - Open Redirect Vulnerability - SA-CONTRIB-2019-063

Project: External Links Filter
Date: 2019-August-14
Security risk: Moderately critical 10∕25 
Vulnerability: Open Redirect Vulnerability

Description

The External Link Filter module provides an input filter that replaces external links by a local link that redirects to the target URL.

The module did not have protection for the Redirect URL to go where content authors intended.

Solution

Install the latest version:

Read More

Timetable for migration to AltaGrade

Alex Shaposhnik's picture

Alex

 Technical Support Specialist

Apr 8, 2019
Add comment

Timetable for migration to AltaGrade

As you might know we first announced the launch of our new AltaGrade website and the new hosting platform back on November, 2018. Since then we've been accepting new orders on and migrating Drupion customers who wanted immediate upgrades to the new system.

Read More