OhDear Integration - Moderately critical - Access bypass - SA-CONTRIB-2024-056

Джерело:
Security advisories for contributed projects

Дата публікації:
30/10/2024 19:11

Постійна адреса новини:
http://www.vsinovyny.com/11408950

OhDear Integration - Moderately critical - Access bypass - SA-CONTRIB-2024-056

30/10/2024 19:11 // Security advisories for contributed projects

Project:

OhDear Integration

Date:

2024-October-30

Security risk:

Moderately critical 13 ∕ 25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon

Vulnerability:

Access bypass

Affected versions:

<2.0.4

Description:

Integrates your Drupal website with the Oh Dear monitoring app.

Cached data of monitoring results is accessible to non-logged in users when caching is enabled on the module.

This vulnerability is mitigated by the fact that it only affects sites where caching is enabled for OhDear report healthcheck endpoint. It is not enabled by default and there's no UI option to do it. It has to be done directly in the ohdear_integration.settings.yml.

Solution:

Install the latest version:

If you use the OhDear Integration module, upgrade to 2.0.4 version.

Reported By:

casey

Fixed By:

Coordinated By:

Greg Knaddison of the Drupal Security Team
Juraj Nemec of the Drupal Security Team

» Читати повністю

«	Наступна новина з архіву Загублені міста Шовкового шляху змінили уявлення про історію Центральної Азії, - вчені	Попередня новина з архіву Cookiebot + GTM - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-055	»