The AltaGrade Blog

Drupal OAuth Server (OAuth Provider) - Single Sign On ( SSO ) - SQL Injection -SA-CONTRIB-2020-034

Nick

Marketing Project Manager

Oct 14, 2020
Add comment

Drupal OAuth Server (OAuth Provider) - Single Sign On ( SSO ) - SQL Injection -SA-CONTRIB-2020-034

Project: Drupal OAuth Server ( OAuth Provider) - Single Sign On ( SSO )
Date: 2020-October-14
Vulnerability: SQL Injection

Description

This module enables you login into any OAuth 2.0 compliant application using Drupal credentials.

The 8.x branch of the module is vulnerable to SQL injection.

Solution

Install the latest version:

If you use the Drupal OAuth Server module for Drupal 8.x, upgrade to 8.x-1.1

Nurlan

Sep 18, 2020
Add comment

Drupal 9 hosting. What it takes to harness the latest Drupal?

AltaGrade has been proudly providing professional hosting services for Drupal 9 websites since the day of its initial release. With the growing number of customers interested in our new hosting environment specifically built for Drupal 9, we'd like to provide some technical data on how exactly we've addressed the challenges to meet system requirements of Drupal 9.

Nick

Marketing Project Manager

Sep 17, 2020
2 comments

Several moderately critical and critical bugs are found in Drupal core

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007

Project: Drupal core
Date: 2020-September-16
Security risk: Moderately critical 14∕25 
Vulnerability: Cross-site scripting
CVE IDs: CVE-2020-13666

Description

The Drupal AJAX API does not disable JSONP by default, which can lead to cross-site scripting.

Solution

Install the latest version:

Nick

Marketing Project Manager

Sep 1, 2020
Add comment

This maintenance release features 34 bug fixes, 5 enhancements, and 5 bug fixes for the block editor. These bugs affect WordPress version 5.5, so you’ll want to upgrade.

Alex

Technical Support Specialist

Aug 26, 2020
Add comment

Joomla 3.9.21 is now available. This is a security release for the 3.x series of Joomla which addresses 3 security vulnerabilities and contains over 20 bug fixes and improvements.

What's in 3.9.21?

Joomla 3.9.21 includes 3 security vulnerability fixes and addresses several bugs, including:

Nick

Marketing Project Manager

Aug 11, 2020
Add comment

WordPress 5.5 named “Eckstine” has been released today

A new version of WordPress named “Eckstine” has been released today. Named “Eckstine” in honor of Billy Eckstine, this latest and greatest version of WordPress is available for download or update in your dashboard.

Speed

Posts and pages feel faster, thanks to lazy-loaded images.

Images give your story a lot of impact, but they can sometimes make your site seem slow.

In WordPress 5.5, images wait to load until they’re just about to scroll into view. The technical term is ‘lazy loading.’

Alex

Technical Support Specialist

Aug 6, 2020
Add comment

Group - Moderately critical - Information disclosure - SA-CONTRIB-2020-033

Project: Group
Version: 8.x-1.x-dev
Date: 2020-August-05
Security risk: Moderately critical 11∕25
Vulnerability: Information disclosure

Description

The Group module enables you to hand out permissions on a smaller subset, section or community of your website.

Under very specific circumstances, where two group types support the same content, yet hand out different permissions, non-members of the first group type may use the set of permissions of the 2nd group type for the grouped content.

Alex

Technical Support Specialist

Aug 6, 2020
Add comment

Group - Moderately critical - Information disclosure - SA-CONTRIB-2020-032

Project: Group
Version: 8.x-1.x-dev
Date: 2020-August-05
Security risk: Moderately critical 12∕25 
Vulnerability: Information disclosure

Description

The Group module enables you to hand out permissions on a smaller subset, section or community of your website.

With the 1.1 security release, new code was introduced to ensure proper access for all entity types, but a mistake introduced unexpected access to unpublished nodes.

Solution

Install the latest version:

Ayla

Billing Specialist

Jul 29, 2020
Add comment

Hostmaster (Aegir) - Moderately critical - Access bypass, Arbitrary code execution - SA-CONTRIB-2020-031

Project: Hostmaster (Aegir)
Version: 7.x-3.x-dev
Date: 2020-July-29
Security risk: Moderately critical 14∕25
Vulnerability: Access bypass, Arbitrary code execution

Description

Aegir is a powerful hosting system that sits alongside a LAMP or LEMP server to create, deploy and manage Drupal sites.

Given that

Ayla

Billing Specialist

Jul 29, 2020
Add comment

Group - Critical - Information Disclosure - SA-CONTRIB-2020-030

Project: Group
Version: 8.x-1.x-dev
Date: 2020-July-29
Security risk: Critical 15∕25 
Vulnerability: Information Disclosure

Description

This module enables you to hand out permissions on a smaller subset, section or community of your website.

The AltaGrade Blog

Drupal OAuth Server (OAuth Provider) - Single Sign On ( SSO ) - SQL Injection -SA-CONTRIB-2020-034

Description

Solution

Host Drupal 9 with AltaGrade and get your FREE VPN!

Several moderately critical and critical bugs are found in Drupal core

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007

Description

Solution

WordPress 5.5.1 maintenance release has been announced

Three security vulnarabilities in Joomla core are fixed with the release of version 3.9.21

What's in 3.9.21?

WordPress 5.5 named “Eckstine” has been released today

Speed

Group - Moderately critical - Information disclosure - SA-CONTRIB-2020-033

Description

Group - Moderately critical - Information disclosure - SA-CONTRIB-2020-032

Description

Solution

Hostmaster (Aegir) - Moderately critical - Access bypass, Arbitrary code execution - SA-CONTRIB-2020-031

Description

Group - Critical - Information Disclosure - SA-CONTRIB-2020-030

Description

Pages