Multiple vulnerabilities in Drupal



Published: 2019-12-19
Risk: High
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: N/A
CWE-ID: CWE-284, CWE-20, CWE-434
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #4 is available.
Vulnerable software: Drupal (Web applications / CMS)
Vendor: Drupal

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Improper access control

EUVDB-ID: #VU23680

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to missing access restrictions on the install.php script. A remote unauthenticated attacker can access the install.php script and corrupt cached data, making the website inaccessible.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Drupal: 8.7.0 - 8.8.0 rc1

External links

http://www.drupal.org/sa-core-2019-009


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU23681

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass imposed security restrictions.

The vulnerability exists due to insufficient validation of user-supplied file names during upload: the file_save_upload() function does not strip leading and trailing dots ('.') from filenames. A remote attacker with the ability to download files can upload system files such as .htaccess and bypass imposed security restrictions.
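
The filename handling described above, as an added example (not Drupal core code and not the vendor's patch): a hypothetical PHP helper, sanitize_upload_name(), that strips leading and trailing dots before checking the extension against an allow-list. The sample names and the allow-list are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not Drupal core code): normalise an uploaded file name
 * so that it can never be stored as a dotfile such as ".htaccess".
 */
function sanitize_upload_name(string $name, array $allowedExtensions): string
{
    // Keep only the final path component; a client may send "dir/.htaccess".
    $name = basename(str_replace('\\', '/', $name));
    // Drop control characters, including NUL bytes.
    $name = (string) preg_replace('/[\x00-\x1F\x7F]/', '', $name);
    // Strip leading and trailing dots and whitespace: ".htaccess" becomes "htaccess".
    $name = trim($name, ". \t");
    if ($name === '') {
        throw new InvalidArgumentException('empty file name after sanitising');
    }
    // Check the extension after trimming, on the name that will actually be stored.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExtensions, true)) {
        throw new InvalidArgumentException("extension not allowed: '$ext'");
    }
    return $name;
}

// Constructed sample inputs; the allow-list is an assumption for this example.
$samples = ['.htaccess', 'report.pdf.', '..\\..\\.user.ini', 'photo.jpg', '...'];
foreach ($samples as $raw) {
    try {
        $stored = sanitize_upload_name($raw, ['jpg', 'png', 'pdf']);
        printf("%-20s => %s\n", $raw, $stored);
    } catch (InvalidArgumentException $e) {
        printf("%-20s => rejected (%s)\n", $raw, $e->getMessage());
    }
}
```

Trimming before the extension check matters: a name validated as "report.pdf." and stored under a different name after later normalisation would bypass the allow-list.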

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Drupal: 8.7.0 - 8.8.0 rc1

External links

http://www.drupal.org/sa-core-2019-010


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Arbitrary file upload

EUVDB-ID: #VU23682

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to use of the vulnerable Archive_Tar library. If Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads, a remote attacker can upload and execute arbitrary PHP code on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Drupal: 7.0 - 8.8.0 rc1

External links

http://www.drupal.org/sa-core-2019-012


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU23683

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the Media Library module. A remote attacker can bypass implemented security restrictions and gain unauthorized access to media items in certain configurations.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Drupal: 8.7.0 - 8.8.0 rc1

External links

http://www.drupal.org/sa-core-2019-011


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


