Web Hosting • The AltaGrade Blog • • AltaGrade

Views Bulk Operations (VBO) - Moderately critical - Access bypass - SA-CONTRIB-2020-003

Alex

Technical Support Specialist

Feb 5, 2020
Add comment

Views Bulk Operations (VBO) - Moderately critical - Access bypass - SA-CONTRIB-2020-003

Project: Views Bulk Operations (VBO)
Date: 2020-February-05
Security risk: Moderately critical 12∕25
Vulnerability: Access bypass

Description

Views Bulk Operations provides enhancements to running bulk actions on views.

The module contains an access bypass vulnerability that might allow users to execute views actions that they should not have access to.

This vulnerability is mitigated by the fact that it only occurs in the case of customised action access (by means of hook_action_info_alter).

Alex

Technical Support Specialist

Jan 16, 2020
Add comment

Following the 4-month release cycle, the Backdrop community has released the version 1.15 of Backdrop CMS.

Alex

Technical Support Specialist

Jan 15, 2020
Add comment

Radix - Moderately critical - Cross site scripting - SA-CONTRIB-2020-001

Project: Radix
Date: 2020-January-15
Security risk: Moderately critical 13∕25
Vulnerability: Cross site scripting

Description

Radix is a base theme for Drupal, with Bootstrap 4, Sass, ES6 and BrowserSync built-in.

The module doesn't sufficiently filter menu titles when used in a dropdown in the main menu.

This vulnerability is mitigated by the fact that an attacker must have permission to edit a menu title used in the main menu.

Solution

Install the latest version:

Alex

Technical Support Specialist

Nov 6, 2019
Add comment

Open Social - Critical - Insecure Session Management - SA-CONTRIB-2019-075

Project: Open Social
Date: 2019-November-06
Security risk: Critical 15∕25
Vulnerability: Insecure Session Management

Description

Open Social is a Drupal distribution for online communities. The included social_magic_login module doesn't sufficiently validate magic login URLs for user accounts that do not have a local password, but login via external systems. The lack of validation makes it possible for an adversary to forge valid login URLs and login to such an account.

Alex

Technical Support Specialist

Aug 15, 2019
Add comment

External Links Filter - Moderately critical - Open Redirect Vulnerability - SA-CONTRIB-2019-063

Project: External Links Filter
Date: 2019-August-14
Security risk: Moderately critical 10∕25 
Vulnerability: Open Redirect Vulnerability

Description

The External Link Filter module provides an input filter that replaces external links by a local link that redirects to the target URL.

The module did not have protection for the Redirect URL to go where content authors intended.

Solution

Install the latest version:

Alex

Technical Support Specialist

Jun 1, 2019
Add comment

Finalizing migration from Drupion to AltaGrade

Update of June 5, 2019: We have to re-send this newsletter once again, because when contacted about migration some customers reported they didn't receive previous notifications about Drupion-AltaGrade transformation.

Alex

Technical Support Specialist

Apr 8, 2019
Add comment

As you might know we first announced the launch of our new AltaGrade website and the new hosting platform back on November, 2018. Since then we've been accepting new orders on and migrating Drupion customers who wanted immediate upgrades to the new system.

The AltaGrade Blog

Views Bulk Operations (VBO) - Moderately critical - Access bypass - SA-CONTRIB-2020-003

Description

Backdrop 1.15 has just been released

Radix - Moderately critical - Cross site scripting - SA-CONTRIB-2020-001

Description

Solution

Open Social - Critical - Insecure Session Management - SA-CONTRIB-2019-075

Description

External Links Filter - Moderately critical - Open Redirect Vulnerability - SA-CONTRIB-2019-063

Description

Solution

Updated: Finalizing migration from Drupion to AltaGrade

Timetable for migration to AltaGrade