The AltaGrade Blog

WordPress 5.8 Tatum has been released

Nick

Marketing Project Manager

Jul 20, 2021
Add comment

Introducing 5.8 “Tatum”, our latest and greatest release now available for download or update in your dashboard. Named in honor of Art Tatum, the legendary Jazz pianist. His formidable technique and willingness to push boundaries inspired musicians and changed what people thought could be done.

So fire up your music service of choice and enjoy Tatum’s famous recordings of ‘Tea for Two’, ‘Tiger Rag’, ‘Begin the Beguine’, and ‘Night and Day’ as you read about what the latest WordPress version brings to you.

Nick

Marketing Project Manager

Jun 30, 2021
Add comment

Linky Revision UI - Moderately critical - Access bypass - SA-CONTRIB-2021-021

Project: Linky Revision UI
Date: 2021-June-30
Security risk: Moderately critical 11∕25
Vulnerability: Access bypass

Description

This module provides a revision UI for Linky entities.

The module doesn't sufficiently respect access restrictions to certain entities when used in conjunction with specific modules.

This vulnerability is mitigated by the fact that an attacker must have a role with any of the permissions provided by Linky Revision UI, and another affected module must be enabled.

Solution

Install the latest version:

Nick

Marketing Project Manager

Jun 30, 2021
Add comment

Block Content Revision UI - Moderately critical - Access bypass - SA-CONTRIB-2021-022

Project: Block Content Revision UI
Date: 2021-June-30
Security risk: Moderately critical 11∕25
Vulnerability: Access bypass

Description

This module provides a revision UI for Block Content entities.

The module doesn't sufficiently respect access restrictions to certain entities when used in conjunction with specific modules.

Nick

Marketing Project Manager

Jun 23, 2021
Add comment

UI redressing (clickjacking) vulnarabilities found in Opigno group manager and Opigno Learning path

Opigno Learning path - Less critical - UI redressing (clickjacking) - SA-CONTRIB-2021-018

Project: Opigno Learning path
Date: 2021-June-23
Security risk: Less critical 9∕25 
Vulnerability: UI redressing (clickjacking)

Description

This project is related to Opigno LMS distribution. It implements the learning path, that combines together in a very flexible way the different steps of a training in Opigno LMS.

Nick

Marketing Project Manager

Jun 17, 2021
Add comment

Chaos Tool Suite (ctools) - Moderately critical - Access bypass - SA-CONTRIB-2021-015

Project: Chaos Tool Suite (ctools)
Date: 2021-June-16
Security risk: Moderately critical 13∕25 
Vulnerability: Access bypass

Description

Chaos tool suite (ctools) module provides a number of APIs and extensions for Drupal, its 8.x-3.x branch is a start from scratch to evaluate the features of ctools that didn't make it into Drupal Core 8.0.x and port them.

Nick

Marketing Project Manager

Jun 17, 2021
Add comment

Linky Revision UI - Moderately critical - Access bypass - SA-CONTRIB-2021-016

Project: Linky Revision UI
Date: 2021-June-16
Security risk: Moderately critical 11∕25 
Vulnerability: Access bypass

Description

This module provides a revision UI to Linky entities.

The module doesn't sufficiently respect access restrictions to certain entities when used in conjunction with specific modules.

This vulnerability is mitigated by the fact that an attacker must have a role with any of the permissions provided by Linky Revision UI, and another affected module must be enabled.

Nick

Marketing Project Manager

Jun 2, 2021
Add comment

OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2021-014

Project: OpenID Connect / OAuth client
Date: 2021-June-02
Security risk: Moderately critical 14∕25
Vulnerability: Access bypass

Description

This module allows users to authenticate against an Oauth 2.0 / OpenID Connect identity provider to login to your Drupal site.

Nick

Marketing Project Manager

Jun 2, 2021
Add comment

GraphQL - Moderately critical - Information Disclosure - SA-CONTRIB-2021-013

Project: GraphQL
Date: 2021-June-02
Security risk: Moderately critical 11∕25 
Vulnerability: Information Disclosure

Description

This module lets you craft and expose a GraphQL web service API.

The module does not sufficiently protect arbitrary exception and error messages thereby exposing an information disclosure vulnerability.

Nick

Marketing Project Manager

Jun 2, 2021
Add comment

Frequently Asked Questions - Moderately critical - Cross Site Scripting - SA-CONTRIB-2021-012

Project: Frequently Asked Questions
Date: 2021-June-02
Security risk: Moderately critical 11∕25
Vulnerability: Cross Site Scripting

Description

The Frequently Asked Questions (faq) module allows users, with appropriate permissions, to create question and answer pairs which they want displayed on the 'faq' page. The 'faq' page is automatically generated from the FAQ nodes configured. Basic Views layouts are also provided and can be customized via the Views UI (rather than via the module settings page).

Nick

Marketing Project Manager

Jun 2, 2021
Add comment

Open Social - SQL Injection & Authentication Bypass vulnarabilities - SA-CONTRIB-2021-010 & SA-CONTRIB-2021-011

Open Social - Moderately critical - SQL Injection - SA-CONTRIB-2021-010

Project: Open Social
Date: 2021-June-02
Security risk: Moderately critical 11∕25 AC:Complex/A:User/CI:All/II:None/E:Theoretical/TD:Default
Vulnerability: SQL Injection

Description

This Open Social distribution provides a turn-key system for building customized social networks.

The module doesn't sufficiently process data in certain circumstances.

The AltaGrade Blog

Description

Solution

Description

Opigno Learning path - Less critical - UI redressing (clickjacking) - SA-CONTRIB-2021-018

Description

Description

Description

Description

Description

Description

Open Social - Moderately critical - SQL Injection - SA-CONTRIB-2021-010

Description

Pages