Scoutnet vzw http://forum.scoutnet.be/ |
|
[Drupal] Security announcements: Forward - Access bypass http://forum.scoutnet.be/viewtopic.php?f=19&t=1901 |
Pagina 1 van 1 |
Auteur: | To [ 10 Jul 2007 23:18 ] |
Titel: | [Drupal] Security announcements: Forward - Access bypass |
------------FORWARD - ACCESS BYPASS------------ * Advisory ID: DRUPAL-SA-2007-015 * Project: Forward (third-party module) * Version: 5.x and 4.7.x * Date: 2007-July-09 * Security risk: Less critical * Exploitable from: Remote * Vulnerability: Access bypass ------------DESCRIPTION------------ The Forward module is a module that allows site administrators to add links to postings that let users email the current page to a third party. By manipulating URL arguments, authenticated and anonymous users are able to access posts that should have been restricted by a node access module such as Organic Groups, Taxonomy Access Control, Taxonomy Access Lite, etc. ------------VERSIONS AFFECTED------------ * Forward for Drupal 5.x before 5.x-1.0 * Forward for Drupal 4.7.x before 4.7-1.1 Drupal core is not affected. If you do not use the contributed Forward module, there is nothing you need to do. ------------SOLUTION------------ Install the latest version: * Forward 5.x-1.0 [http://drupal.org/node/158025] * Forward 4.7.x-1.1 [http://drupal.org/node/158022] See also the Forward project page [http://drupal.org/project/forward]. ------------REPORTED BY------------ Drupal Security Team ------------CONTACT------------ The security contact for Drupal can be reached at security at drupal.org or via the form at [http://drupal.org/contact]. |
Pagina 1 van 1 | Alle tijden zijn UTC + 1 uur |
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |