Scoutnet vzw http://forum.scoutnet.be/ |
|
[Drupal] Security announcements: Nodefamily - Access bypass http://forum.scoutnet.be/viewtopic.php?f=19&t=1786 |
Pagina 1 van 1 |
Auteur: | To [ 07 Mrt 2007 8:41 ] |
Titel: | [Drupal] Security announcements: Nodefamily - Access bypass |
------------NODEFAMILY - ACCESS BYPASS------------ * Advisory ID: DRUPAL-SA-2007-011 * Project: Node familty (third-party module) * Version: 5.x * Date: 2007-March-6 * Security risk: Less critical * Exploitable from: Remote * Vulnerability: Access bypass ------------DESCRIPTION------------ Nodefamily is needed for building user profiles with the nodeprofile module. By manipulating URL arguments, authenticated users are able to access and modify the profile of other users. ------------VERSIONS AFFECTED------------ * Nodefamily for Drupal 5.x before 5.x-1.0 Nodefamily for 4.7.x is not affected. Drupal core is not affected. If you do not use the contributed Nodefamily module, there is nothing you need to do. ------------SOLUTION------------ Install the latest version: * Node family 5.x-1.0 [http://drupal.org/node/123126]. See also the Nodefamily project page [http://drupal.org/project/nodefamily]. ------------REPORTED BY------------ Ryan C. ------------CONTACT------------ The security contact for Drupal can be reached at security at drupal.org or via the form at [http://drupal.org/contact]. |
Pagina 1 van 1 | Alle tijden zijn UTC + 1 uur |
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |