The AltaGrade Blog

Chaos Tool Suite (ctools) - Moderately critical - Information disclosure - SA-CONTRIB-2021-009

Nick

Marketing Project Manager

May 12, 2021
Add comment

Chaos Tool Suite (ctools) - Moderately critical - Information disclosure - SA-CONTRIB-2021-009

Project: Chaos Tool Suite (ctools)
Version: 8.x-3.5, 8.x-3.4, 8.x-3.3, 8.x-3.2, 8.x-3.1, 8.x-3.0
Date: 2021-May-12
Security risk: Moderately critical 12∕25
Vulnerability: Information disclosure

Description

Chaos tool suite (ctools) module provides a number of APIs and extensions for Drupal, it's 8.x-3.x branch is a start from scratch to evaluate the features of ctools that didn't make it into Drupal Core 8.0.x and port them.

Nick

Marketing Project Manager

Apr 28, 2021
Add comment

SAML Authentication - Moderately critical - Access bypass - SA-CONTRIB-2021-006

Project: SAML Authentication
Date: 2021-April-28
Security risk: Moderately critical 14∕25
Vulnerability: Access bypass

Description

The SAML Authentication module allows users to authenticate against a SAML identity provider to login to your Drupal site.

Nick

Marketing Project Manager

Apr 21, 2021
Add comment

Backdrop core - Critical - Cross-site scripting - SA-CORE-2021-002

Date: Wednesday, Apr 21th, 2021
Security risk: Critical
Advisory ID: BACKDROP-SA-CORE-2021-002
Vulnerability: Cross Site Scripting

Versions affected

Backdrop Core 1.18.x versions prior to 1.18.3,
Backdrop Core 1.17.x versions prior to 1.17.7
Backdrop versions 1.16 and prior do not receive security coverage.

Description

Backdrop core's sanitization API fails to properly filter cross-site scripting under certain circumstances.

Nick

Marketing Project Manager

Apr 21, 2021
Add comment

Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002

Project: Drupal core
Date: 2021-April-21
Security risk: Critical 15∕25
Vulnerability: Cross-site scripting

Description

Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances.

Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this release as soon as possible.

Solution

Install the latest version:

Nick

Marketing Project Manager

Apr 15, 2021
Add comment

WordPress 5.7.1 security & maintenance release has been announced

WordPress 5.7.1 is now available!

This security and maintenance release features 26 bug fixes in addition to two security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 4.7 have also been updated.

Nick

Marketing Project Manager

Apr 14, 2021
Add comment

Impact: Low
Severity: Low
Versions: 3.0.0 - 3.9.25
Exploit type: XSS
Reported Date: 2021-03-09
Fixed Date: 2021-04-13
CVE Number: CVE-2021-26030

Description

Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error pages.

Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.25

Solution

Upgrade to version 3.9.26

Nick

Marketing Project Manager

Apr 14, 2021
Add comment

Joomla Core - Inadequate filters on module layout settings

Impact: Low
Severity: Low
CVE Number: CVE-2021-26031
Versions: 3.0.0 - 3.9.25
Exploit type: LFI
Reported Date: 2021-01-03
Fixed Date: 2021-04-13

Description

Inadequate filters on module layout settings could lead to an LFI.

Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.25

Solution

Upgrade to version 3.9.26

Nick

Marketing Project Manager

Mar 18, 2021
Add comment

Fast Autocomplete - Moderately critical - Access bypass - SA-CONTRIB-2021-005

Project: Fast Autocomplete
Version: 8.x-1.7, 8.x-1.6, 8.x-1.5, 8.x-1.4, 8.x-1.3, 8.x-1.2, 8.x-1.1, 8.x-1.0
Date: 2021-March-17
Security risk: Moderately critical 12∕25
Vulnerability: Access bypass

Nick

Marketing Project Manager

Mar 9, 2021
Add comment

Matt Mullenweg of WordPress community has announced the release of WordPress 5.7 “Esperanza” today on March 2, 2021.

“Esperanza” is named in honor of Esperanza Spalding, a modern musical prodigy. Her path as a musician is varied and inspiring—learn more about her and give her music a listen!

Nick

Marketing Project Manager

Feb 23, 2021
Add comment

WordPress 5.6.2 Maintenance Release accounced

WordPress 5.6.2 is now available!

This maintenance release includes 5 bug fixes. These bugs affect WordPress version 5.6.1, so you’ll want to upgrade.

The AltaGrade Blog

Chaos Tool Suite (ctools) - Moderately critical - Information disclosure - SA-CONTRIB-2021-009

Description

SAML Authentication - Moderately critical - Access bypass - SA-CONTRIB-2021-006

Description

Backdrop core - Critical - Cross-site scripting - SA-CORE-2021-002

Versions affected

Description

Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002

Description

Solution

WordPress 5.7.1 security & maintenance release has been announced

Joomla Core - Escape xss in logo parameter error pages

Description

Affected Installs

Solution

Joomla Core - Inadequate filters on module layout settings

Description

Affected Installs

Solution

Fast Autocomplete - Moderately critical - Access bypass - SA-CONTRIB-2021-005

WordPress 5.7 “Esperanza” is released today

WordPress 5.6.2 Maintenance Release accounced

Pages