[SECURITY-L] [Security-news] S3 File System - Moderately critical - Access bypass - SA-CONTRIB-2023-014

CSIRT Unicamp security at unicamp.br
Wednesday May 3 15:33:51 -03 2023


View online: https://www.drupal.org/sa-contrib-2023-014

Project: S3 File System [1]
Version: 8.x-3.1, 8.x-3.0, 8.x-3.0-rc2, 8.x-3.0-rc1, 8.x-3.0-beta7, 8.x-3.0-beta6, 8.x-3.0-beta5, 8.x-3.0-beta4, 8.x-3.0-beta3, 8.x-3.0-beta2, 8.x-3.0-beta1, 8.x-3.0-alpha17
Date: 2023-May-03
Security risk: *Moderately critical* 13/25
AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Access bypass

Description:
S3 File System (s3fs) provides an additional file system to your Drupal
site, which stores files in Amazon's Simple Storage Service (S3) or any
other S3-compatible storage service.

This module may fail to validate that a file being requested to be moved to
storage was uploaded during the same web request, possibly allowing an
attacker to move files that should normally be inaccessible to them.

This vulnerability is mitigated by the fact that another vulnerability must
already exist outside of s3fs.
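The missing check described above, modelled as an added example in plain PHP; this is not s3fs or Drupal code, and the registry class, function names and the temporary:// and private:// URIs are constructed for illustration only.

```php
<?php
// Hypothetical model of the advisory's check: a move to storage must refer
// to a file that this same web request uploaded. Assumption: upload and
// move are handled inside one PHP request, so a request-scoped registry
// is enough to tie the two together.

final class RequestUploadRegistry {
    /** @var array<string,true> URIs produced by upload handlers during this request. */
    private array $uploaded = [];

    public function recordUpload(string $uri): void {
        $this->uploaded[$uri] = true;
    }

    public function wasUploadedThisRequest(string $uri): bool {
        return isset($this->uploaded[$uri]);
    }
}

// Vulnerable shape: trusts the caller-supplied URI and relocates whatever it
// points at, so any readable path could end up in the S3-backed file system.
function moveToStorageUnchecked(string $uri, array &$storage): void {
    $storage[basename($uri)] = $uri;
}

// Hardened shape: refuses any URI that this request did not itself upload.
function moveToStorageChecked(RequestUploadRegistry $registry, string $uri, array &$storage): bool {
    if (!$registry->wasUploadedThisRequest($uri)) {
        // Log and deny; nothing about the target file is disclosed to the caller.
        error_log("move refused: {$uri} was not uploaded in this request");
        return false;
    }
    $storage[basename($uri)] = $uri;
    return true;
}

// Constructed demo values, not taken from the advisory.
$registry = new RequestUploadRegistry();
$registry->recordUpload('temporary://upload_abc.png'); // produced by this request's upload handler
$storage = [];

var_dump(moveToStorageChecked($registry, 'temporary://upload_abc.png', $storage));     // allowed
var_dump(moveToStorageChecked($registry, 'private://reports/payroll.csv', $storage));  // denied
var_dump(array_keys($storage));                                                        // only the uploaded file
```

The check is a second layer, not a replacement for access control on the source path: as the advisory notes, exploitation still requires a separate flaw outside s3fs that lets the attacker name a file they should not reach.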

Solution:
Install the latest version:

   * If you use the S3 File System module for Drupal 8.x, upgrade to s3fs
     8.x-3.2 [3]

Reported By:
   * Conrad Lara [4]

Fixed By:
   * Conrad Lara [5]

Coordinated By:
   * Greg Knaddison [6] of the Drupal Security Team


[1] https://www.drupal.org/project/s3fs
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/s3fs/releases/8.x-3.2
[4] https://www.drupal.org/user/1790054
[5] https://www.drupal.org/user/1790054
[6] https://www.drupal.org/user/36762

_______________________________________________
Security-news mailing list
Security-news at drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news

===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
GnuPG Public Key: http://www.security.unicamp.br/security.asc
Contact: +55 19 3521-2289 or INOC-DBA: 1251*830