[SECURITY-L] Fwd: [Security-news] Tagify - Moderately critical - Access bypass - SA-CONTRIB-2022-051
CSIRT Unicamp
security em unicamp.br
Quarta Julho 27 15:13:21 -03 2022
View online: https://www.drupal.org/sa-contrib-2022-051
Project: Tagify [1]
Version: 1.0.41.0.31.0.2-beta11.0.1-beta11.0.0-beta1
Date: 2022-July-27
Security risk: *Moderately critical* 11∕25
AC:Complex/A:User/CI:None/II:Some/E:Exploit/TD:Uncommon [2]
Vulnerability: Access bypass
Description:
This module provides a widget to transform entity reference fields into a
more user-friendly tags input component with a great performance.
The module doesn't sufficiently check access for the add operation. Users
with permission to edit content can view and reference unpublished terms.
The
edit form may expose term data that users could not otherwise see, since
there is no term view route by default.
This vulnerability is slightly mitigated by the fact that an attacker must
have a role with the permission "access content", so may not be accessible
to
anonymous users on all sites.
Solution:
Install the latest version:
* If you use the Tagify module for Drupal 9.x, upgrade to Tagify 1.0.5
[3]
Reported By:
* Conrad Lara [4]
Fixed By:
* David Galeano [5]
* Conrad Lara [6]
Coordinated By:
* Damien McKenna [7] of the Drupal Security Team
* Greg Knaddison [8] of the Drupal Security Team
[1] https://www.drupal.org/project/tagify
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/tagify/releases/1.0.5
[4] https://www.drupal.org/user/1790054
[5] https://www.drupal.org/user/3591999
[6] https://www.drupal.org/user/1790054
[7] https://www.drupal.org/user/108450
[8] https://www.drupal.org/user/36762
_______________________________________________
Security-news mailing list
Security-news em drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news
===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
GnuPG Public Key: http://www.security.unicamp.br/security.asc [^]
Contato: +55 19 3521-2289 ou INOC-DBA: 1251*830
-------------- Próxima Parte ----------
Um anexo em HTML foi limpo...
URL: <http://www.listas.unicamp.br/pipermail/security-l/attachments/20220727/4dd94344/attachment.html>
Mais detalhes sobre a lista de discussão SECURITY-L