Drupal has issued two security advisories warning of vulnerabilities, affecting several versions of Drupal, that could allow an attacker to read sensitive information.
Two vulnerabilities are currently affecting Drupal. One of them, in Drupal core, is rated critical.
Vulnerability in Third Party Library
Drupal uses a third party templating engine called Twig.
According to the Drupal documentation:
"When your web page renders, the Twig engine takes the template and converts it into a 'compiled' PHP template which is stored in a protected directory..."
Drupal uses the Twig library for templating and also for what the advisory calls sanitization: automatically escaping the values rendered into a page so that untrusted content cannot inject its own markup or script into the output.
Twig describes the underlying issue as one that lets an attacker abuse the filesystem loader to reach files outside the configured template directory. Drupal's advisory summarizes the impact:
"Multiple vulnerabilities are possible if an untrusted user has access to write Twig code, including potential unauthorized read access to private files, the contents of other files on the server, or database credentials."
The precondition matters: the attacker needs a way to get Twig code of their choosing rendered by the site, for example through a module or theme setting that accepts template markup from non-administrative users. Sites on which only trusted administrators can write Twig are at lower risk, but should still update.
This vulnerability affects sites running Drupal 9.3 and 9.4.
Recommended Course of Action for Mitigating the Vulnerability
Sites on Drupal 9.3 should update to version 9.3.22.
Sites on Drupal 9.4 should update to version 9.4.7.
Drupal also warned of an access bypass vulnerability, rated moderate, affecting publishers that use the S3 File System module for Drupal 7.x.
An access bypass vulnerability is one in which an attacker gets around the access controls that are meant to restrict who can reach an application's functionality or files, and so reaches content, such as private files, that they should not be able to see.
The vulnerability is described as:
"The module doesn't sufficiently prevent file access across multiple filesystem schemes stored in the same bucket."
In other words, when a site keeps its public:// and private:// files in one S3 bucket, a request made through one scheme could, under the conditions below, resolve to an object that belongs to the other.
The advisory notes that several conditions must all hold before an attacker can exploit this vulnerability.
The advisory explains:
"This vulnerability is mitigated by the fact that an attacker must obtain a means to access arbitrary file paths, the site must have public or private takeover enabled, and the file metadata cache must be ignored."
Recommended Course of Action
Drupal sites that use the S3 File System module for Drupal 7.x should upgrade to S3 File System 7.x-2.14 to patch the vulnerability.
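Both advisories above come down to the same class of mistake: a name supplied by a user (a Twig template name in the first case, a scheme-relative file path in the second) is resolved into a location without confirming that the result still lies inside the root it was supposed to be confined to. The following is an added example written for this page, not code from Twig, Drupal core or the S3 File System module. It shows a naive resolver beside a hardened one for each case; the directory layout, the `s3fs-public/` and `s3fs-private/` key prefixes, and the file names are assumptions made for the demonstration, and it models only the path-confinement part of each bug, not the takeover or metadata-cache conditions the S3 advisory lists.

```python
"""Path-confinement checks for the two bug classes in the advisories above.

Constructed example for this page; not Twig, Drupal core or S3 File System
module code. Layout, prefixes and file names are assumptions.
"""
import os
import posixpath
import tempfile


class AccessDenied(Exception):
    """Raised when a requested name would resolve outside its allowed root."""


# --- 1. Template loader: a template name must stay inside the configured directory ---

def resolve_template_unsafe(template_root: str, name: str) -> str:
    """Naive loader: joins the name onto the root with no containment check,
    so '../secret/settings.php' or a symlink can reach files outside the root."""
    return os.path.join(template_root, name)


def resolve_template(template_root: str, name: str) -> str:
    """Hardened loader: canonicalise both paths (realpath follows symlinks and
    collapses '..'), then require the candidate to sit strictly below the root."""
    root = os.path.realpath(template_root)
    candidate = os.path.realpath(os.path.join(root, name))
    # commonpath avoids the prefix bug where '/srv/tpl' would match '/srv/tpl2'
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise AccessDenied(f"template {name!r} resolves to {candidate}, outside {root}")
    return candidate


def template_demo() -> dict:
    """Build a throwaway tree (constructed data) and exercise both loaders.
    Returns {template name: 'allowed' | 'denied'} for the hardened loader plus
    'unsafe_leaks_settings': whether the naive loader points at the credentials file."""
    base = tempfile.mkdtemp()
    tpl, secret = os.path.join(base, "templates"), os.path.join(base, "secret")
    os.makedirs(tpl)
    os.makedirs(secret)
    with open(os.path.join(tpl, "page.html.twig"), "w") as f:
        f.write("<h1>{{ title }}</h1>\n")
    with open(os.path.join(secret, "settings.php"), "w") as f:
        f.write("<?php $databases['default']['default']['password'] = 'hunter2';\n")
    names = ["page.html.twig", "../secret/settings.php"]
    try:
        os.symlink(secret, os.path.join(tpl, "link"))  # symlink escape attempt
        names.append("link/settings.php")
    except OSError:
        pass  # platform does not allow symlinks here; skip that case
    results = {}
    for name in names:
        try:
            resolve_template(tpl, name)
            results[name] = "allowed"
        except AccessDenied:
            results[name] = "denied"
    results["unsafe_leaks_settings"] = os.path.exists(
        resolve_template_unsafe(tpl, "../secret/settings.php"))
    return results


# --- 2. One bucket, several schemes: a key must stay under its scheme's prefix ---

# Assumed layout: both Drupal stream-wrapper schemes share one bucket, each under
# its own key prefix (illustrative names, not the module's actual defaults).
SCHEME_PREFIXES = {"public": "s3fs-public/", "private": "s3fs-private/"}


def object_key_unsafe(uri: str) -> str:
    """Normalises after concatenation, so '..' in the path can walk out of the
    scheme's prefix and into another scheme's objects in the same bucket."""
    scheme, _, path = uri.partition("://")
    return posixpath.normpath(SCHEME_PREFIXES[scheme] + path.lstrip("/"))


def object_key_for(uri: str) -> str:
    """Normalises the scheme-relative path first, rejects anything that climbs
    above it, and only then prepends the prefix, so the key cannot cross schemes."""
    scheme, sep, path = uri.partition("://")
    if not sep or scheme not in SCHEME_PREFIXES:
        raise AccessDenied(f"unknown scheme in {uri!r}")
    norm = posixpath.normpath(path.lstrip("/"))  # '' normalises to '.'
    if norm in (".", "..") or norm.startswith("../"):
        raise AccessDenied(f"{uri!r} escapes the {scheme}:// prefix")
    key = SCHEME_PREFIXES[scheme] + norm
    if not key.startswith(SCHEME_PREFIXES[scheme]):  # the invariant, stated explicitly
        raise AccessDenied(f"{uri!r} produced cross-scheme key {key!r}")
    return key


def key_is_denied(uri: str) -> bool:
    """True if the hardened mapper refuses the URI."""
    try:
        object_key_for(uri)
        return False
    except AccessDenied:
        return True


if __name__ == "__main__":
    print(template_demo())
    print("unsafe:", object_key_unsafe("public://../s3fs-private/settings.php"))
    for uri in ("public://images/logo.png", "public://../s3fs-private/settings.php"):
        print(uri, "->", object_key_for(uri) if not key_is_denied(uri) else "denied")
```

The unsafe S3 mapper turns `public://../s3fs-private/settings.php` into the key `s3fs-private/settings.php`, which is exactly the cross-scheme read the advisory describes; the hardened mapper refuses it because the dot-dot survives normalisation of the scheme-relative part. The template loader relies on `realpath` rather than string inspection so that a symlink planted inside the template directory is caught as well as a literal `../`.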
Featured image by Shutterstock/Andrey_Popov