The AltaGrade Blog

Views Bulk Operations (VBO) - Moderately critical - Access bypass - SA-CONTRIB-2020-003

Alex

Technical Support Specialist

Feb 5, 2020
Add comment

Views Bulk Operations (VBO) - Moderately critical - Access bypass - SA-CONTRIB-2020-003

Project: Views Bulk Operations (VBO)
Date: 2020-February-05
Security risk: Moderately critical 12∕25
Vulnerability: Access bypass

Description

Views Bulk Operations provides enhancements to running bulk actions on views.

The module contains an access bypass vulnerability that might allow users to execute views actions that they should not have access to.

This vulnerability is mitigated by the fact that it only occurs in the case of customised action access (by means of hook_action_info_alter).

Nick

Marketing Project Manager

Jan 20, 2020
4 comments

If not Drupal 8 then definitely Backdrop!

Since its official release on January 5, 2011 for many years Drupal 7 had been the content management system of choice for the majority of the web-projects hosted on AltaGrade platform. However, the picture has been gradually changing after Drupal 7's end-of-life was announced to take place sometime in November 2021 with growing number of Drupal 8, Wordpress, Backdrop or other types of websites coming instead.

Alex

Technical Support Specialist

Jan 16, 2020
Add comment

Following the 4-month release cycle, the Backdrop community has released the version 1.15 of Backdrop CMS.

Alex

Technical Support Specialist

Jan 15, 2020
Add comment

Radix - Moderately critical - Cross site scripting - SA-CONTRIB-2020-001

Project: Radix
Date: 2020-January-15
Security risk: Moderately critical 13∕25
Vulnerability: Cross site scripting

Description

Radix is a base theme for Drupal, with Bootstrap 4, Sass, ES6 and BrowserSync built-in.

The module doesn't sufficiently filter menu titles when used in a dropdown in the main menu.

This vulnerability is mitigated by the fact that an attacker must have permission to edit a menu title used in the main menu.

Solution

Install the latest version:

Public

Dec 25, 2019
Add comment

As we are approaching the year 2020 we would like to thank you for entrusting your Drupal, Backdrop and WordPress websites to us. We appreciate your business with AltaGrade and assure you that we will deliver more convenient features to our hosting platform and better enhancements to our ticket processing and billing portal in 2020.

Nick

Marketing Project Manager

Dec 19, 2019
Add comment

A critical and three "moderately critical" vulnerabilities found in Drupal 7 and 8

Project: Drupal core
Version: 8.8.x-dev, 8.7.x-dev, 7.x-dev
Date: 2019-December-18
Security risk: Critical 17∕25 
Vulnerability: Multiple vulnerabilities

Drupal Security team released important security updates for Drupal 7 and Drupal 8 which address a critical and three "moderately critical" vulnerabilities in its core system.

Nick

Marketing Project Manager

Dec 13, 2019
Add comment

WordPress 5.3.1 Security and Maintenance Release

WordPress 5.3.1 is now available! This security and maintenance release features 46 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.

WordPress 5.3.1 is a short-cycle maintenance release. The next major release will be version 5.4.

You can download WordPress 5.3.1 by clicking this link, or visit your WordPress website's Dashboard → Updates and click Update Now.

Nick

Marketing Project Manager

Dec 11, 2019
Add comment

Webform - Critical - Multiple vulnerabilities - SA-CONTRIB-2019-096

Webform - Critical - Multiple vulnerabilities - SA-CONTRIB-2019-096
Project: Webform
Versions: 7.x-4.x, 7.x-3.x
Date: 2019-December-11
Security risk: Critical 15∕25 
Vulnerability: Multiple vulnerabilities

Description

This module enables you to create forms to collect information from users and report, analyze and distribute it by email.

Nick

Marketing Project Manager

Dec 11, 2019
Add comment

Security advisories for multiple Drupal 8 contributed modules: Smart Trim, Modal Page, Taxonomy access fix, Permissions by Term

Project: Smart Trim
Version: 8.x-1.x
Date: 2019-December-11
Security risk: Moderately critical 
Vulnerability: Cross site scripting

Description

The Smart Trim module allows site builders additional control with text summary fields.

The module doesn't sufficiently filter text when certain options are selected.

This vulnerability is mitigated by the fact that an attacker must have a role with the ability to create content on the site when certain options are selected for the trimmed output.

Public

Nov 13, 2019
Add comment

Projects: Multiple
Date: 2019-November-13
Security risk: Critical 
Vulnerability: Unsupported

Drupal Security team released multiple security advisories earlier today, notifying the following contributed modules and themes have been marked as unsupported and therefore should be either fixed or uninstalled:

The AltaGrade Blog

Views Bulk Operations (VBO) - Moderately critical - Access bypass - SA-CONTRIB-2020-003

Description

If not Drupal 8 then Backdrop - Upgrade your Drupal 7 website with AltaGrade!

Backdrop 1.15 has just been released

Radix - Moderately critical - Cross site scripting - SA-CONTRIB-2020-001

Description

Solution

Merry Christmas and Happy New Year!

A critical one and three "moderately critical" vulnerabilities found in Drupal 7 and 8

WordPress 5.3.1 Security and Maintenance Release

Webform - Critical - Multiple vulnerabilities - SA-CONTRIB-2019-096

Security advisories for multiple Drupal 8 contributed modules: Smart Trim, Modal Page, Taxonomy access fix, Permissions by Term

Description

Multiple security advisories from Drupal Security team released today

Pages