Multiple vulnerabilities in Drupal
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2017-6926 CVE-2017-6927 CVE-2017-6928 CVE-2017-6929 CVE-2017-6930 CVE-2017-6931 CVE-2017-6932 |
| CWE-ID | CWE-264 CWE-79 CWE-284 CWE-601 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Drupal Web applications / CMS |
| Vendor | Drupal |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU10699
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6926
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists improper permissions controls in the comment system. A remote attacker permission to post comments can view content and comments he doesn't have access to, and is also able to add comments to this content.
MitigationUpdate to version 8.4.5.
Vulnerable software versionsDrupal: 8.4.0 - 8.4.4
External linkshttp://www.drupal.org/sa-core-2018-001
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cross-site scripting
EUVDB-ID: #VU10700
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6927
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists in <VENDOR>.checkPlain() JavaScript function due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Name of vulnerable function depends on the software that includes vulnerable library, for example: Drupal.checkPlain(), or Backdrop.checkPlain().
Mitigation
Update to version 7.57 or 8.4.5.
Vulnerable software versionsDrupal: 7.50 - 8.4.4
External linkshttp://www.drupal.org/sa-core-2018-001
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Security restrictions bypass
EUVDB-ID: #VU10701
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6928
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper access check for unusual site configurations when one module is trying to grant access to the file and another is trying to deny it. A remote attacker can bypass private file access.
MitigationUpdate to version 7.57.
Vulnerable software versionsDrupal: 7.50 - 7.56
External linkshttp://www.drupal.org/sa-core-2018-001
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Cross-site scripting
EUVDB-ID: #VU10702
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6929
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists in jQuery due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate to version 7.57.
Vulnerable software versionsDrupal: 7.50 - 7.56
External linkshttp://www.drupal.org/sa-core-2018-001
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Security restrictions bypass
EUVDB-ID: #VU10703
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6930
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to incorrect language fallback on multilingual sites with node access restrictions. A remote attacker can bypass access.
The issue only applies to sites that a) use the Content Translation module; and b) use a node access module such as Domain Access which implement hook_node_access_records().
MitigationUpdate to version 8.4.5.
Vulnerable software versionsDrupal: 8.4.0 - 8.4.4
External linkshttp://www.drupal.org/sa-core-2018-001
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Security restrictions bypass
EUVDB-ID: #VU10704
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6931
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to incorrect access checks. A remote attacker can bypass Settings Tray access and update certain data that they do not have the permissions for.
MitigationUpdate to version 8.4.5.
Vulnerable software versionsDrupal: 8.4.0 - 8.4.4
External linkshttp://www.drupal.org/sa-core-2018-001
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Open redirect
EUVDB-ID: #VU10705
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6932
CWE-ID:
CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform phishing attacks.
The vulnerability exists due to open redirect. A remote attacker can use a specially crafted 'url' parameter and redirect users to malicious websites.
MitigationUpdate to version 7.57.
Vulnerable software versionsDrupal: 7.50 - 7.56
External linkshttp://www.drupal.org/sa-core-2018-001
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
