SB2017031701 - Three vulnerabilities in Drupal


Published: March 17, 2017

Security Bulletin ID: SB2017031701
Severity: Low
Patch available: YES
Number of vulnerabilities: 3
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 3 security vulnerabilities.


1) Improper access control (CVE-ID: CVE-2017-6377)

The vulnerability allows a remote attacker to access potentially sensitive information.

The vulnerability exists because access to uploaded private files is not checked correctly when they are attached through a configured text editor (such as CKEditor). The editor does not verify that the current user may access the file being attached, which can lead to disclosure of private files.

2) Cross-site request forgery (CVE-ID: CVE-2017-6379)

The vulnerability allows a remote attacker to perform CSRF attacks.

The vulnerability exists because certain administrative forms have no protection against CSRF attacks. A remote attacker can create a specially crafted website, trick a logged-in administrator into visiting it, and disable some blocks on the affected website.

Successful exploitation of the vulnerability requires knowledge of the block identifier.
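The CSRF issue above boils down to a state-changing administrative action (disable a block) that can be triggered with nothing more than the block identifier, so any page the logged-in administrator visits can fire it. The following added example (not Drupal's code; the block store, request shape and session layout are constructed assumptions) shows that pattern beside its hardened form, where the action requires a POST carrying a token bound to the victim's session that a third-party page cannot read or derive.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory site state: block id -> enabled flag (assumption, not Drupal's API).
BLOCKS = {"footer_menu": True, "sidebar_login": True}


def reset_blocks():
    """Restore the constructed sample state so repeated runs start identically."""
    BLOCKS.update({"footer_menu": True, "sidebar_login": True})


def new_admin_session():
    """Constructed session record; the secret never leaves the server."""
    return {"is_admin": True, "secret": secrets.token_bytes(32)}


def disable_block_unprotected(request):
    """Vulnerable pattern: the action is reachable by a plain GET and needs only the
    block id. The browser attaches the admin's session cookie to any request an
    attacker's page provokes (an <img> or a hidden form), so the check on
    is_admin passes and the block is disabled without the admin's intent."""
    block_id = request["query"].get("block")
    if request["session"].get("is_admin") and block_id in BLOCKS:
        BLOCKS[block_id] = False
        return "disabled"
    return "denied"


def csrf_token(session_secret, action):
    """Token bound to the session secret and the specific action. A cross-site
    page cannot read the secret, so it cannot produce a valid token."""
    return hmac.new(session_secret, action.encode(), hashlib.sha256).hexdigest()


def disable_block_protected(request):
    """Hardened pattern: POST only, and the submitted token must match the one
    derived from the victim's own session for exactly this action."""
    if request["method"] != "POST":
        return "denied"
    block_id = request["form"].get("block")
    session = request["session"]
    if not session.get("is_admin") or block_id not in BLOCKS:
        return "denied"
    expected = csrf_token(session["secret"], "disable-block:" + block_id)
    supplied = request["form"].get("token", "")
    # Constant-time comparison so token validation does not leak by timing.
    if not hmac.compare_digest(expected, supplied):
        return "denied"
    BLOCKS[block_id] = False
    return "disabled"


if __name__ == "__main__":
    admin = new_admin_session()
    forged = {"method": "GET", "query": {"block": "footer_menu"}, "form": {}, "session": admin}
    print("unprotected, forged GET:", disable_block_unprotected(forged))
    reset_blocks()
    forged_post = {"method": "POST", "query": {}, "form": {"block": "footer_menu"}, "session": admin}
    print("protected, forged POST without token:", disable_block_protected(forged_post))
```

The hardened handler still accepts the legitimate request: the site's own form renders the token from the administrator's session, and only that form can submit it. Knowing the block identifier alone, which is the only precondition the bulletin names, is no longer sufficient.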


3) PHP code injection (CVE-ID: CVE-2017-6381)

The vulnerability allows a remote attacker to execute arbitrary PHP code on the target system.

The vulnerability exists due to the use of a third-party development library in Drupal before 8.2.2. A remote attacker can send a specially crafted request to the /vendor/phpunit URL and execute arbitrary PHP code on the server.
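Because the issue is reachable through the /vendor/phpunit URL, web server access logs are the natural place to check whether anyone has probed for it and, more importantly, whether the web server actually serves that directory. The added example below (not Drupal's code; the log lines are constructed samples in Apache combined format) parses such lines, flags every request under /vendor/, and separates the ones the server answered with 2xx/3xx (directory reachable, configuration needs fixing) from the ones it refused.

```python
import posixpath
import re
from collections import Counter

# Constructed sample access-log lines (not real traffic); one host probes /vendor/phpunit/
# and is refused, another gets a 200, which is the finding that matters.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Mar/2017:10:01:02 +0000] "GET /node/1 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [17/Mar/2017:10:01:09 +0000] "GET /vendor/phpunit/ HTTP/1.1" 403 212 "-" "curl/7.52"
198.51.100.7 - - [17/Mar/2017:10:02:41 +0000] "GET /./vendor/phpunit/?x=1 HTTP/1.1" 200 1840 "-" "python-requests/2.13"
198.51.100.7 - - [17/Mar/2017:10:02:44 +0000] "GET /vendor/ HTTP/1.1" 404 196 "-" "python-requests/2.13"
192.0.2.9 - - [17/Mar/2017:10:05:00 +0000] "GET /user/login HTTP/1.1" 200 4310 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return the fields we need from one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "time": m.group("time"),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def normalized_path(raw):
    """Drop the query string and collapse '.' / '..' segments so '/./vendor/x' is seen as '/vendor/x'."""
    return posixpath.normpath(raw.split("?", 1)[0])


def flag_vendor_requests(lines):
    """Every request whose normalized path is the vendor tree or anything below it."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = normalized_path(rec["path"])
        if path == "/vendor" or path.startswith("/vendor/"):
            rec["path"] = path
            findings.append(rec)
    return findings


def summarize(findings):
    """Split findings by outcome: a 2xx/3xx answer means the server serves the vendor tree."""
    counts = Counter()
    for rec in findings:
        counts["reachable" if 200 <= rec["status"] < 400 else "blocked"] += 1
    counts["hosts"] = len({rec["ip"] for rec in findings})
    return dict(counts)


if __name__ == "__main__":
    hits = flag_vendor_requests(SAMPLE_LOG.splitlines())
    for rec in hits:
        print(rec["time"], rec["ip"], rec["method"], rec["path"], rec["status"])
    print(summarize(hits))
```

A "reachable" count above zero is the actionable result: besides installing the vendor's update, the web server configuration should refuse requests into the vendor tree so that development dependencies are never served at all; the "blocked" entries show that refusal working.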


Remediation

Install the update from the vendor's website.