| Scoutnet vzw http://forum.scoutnet.be/ |
|
| [Drupal] Security announcements: Atom - Access bypass http://forum.scoutnet.be/viewtopic.php?f=19&t=2048 |
Pagina 1 van 1 |
| Auteur: | To [ 12 Jan 2008 12:45 ] |
| Titel: | [Drupal] Security announcements: Atom - Access bypass |
------------SA-2008-002 - ATOM - ACCESS BYPASS ------------ * Advisory ID: DRUPAL-SA-2008-002 * Project: Atom (third-party module) * Version: 4.7.x, 5.x * Date: 2008-January-10 * Security risk: Less critical * Exploitable from: Remote * Vulnerability: Access bypass ------------DESCRIPTION------------ The Atom module provides a list of node titles, and teasers or bodies as part of a syndication feed. In certain conditions, the titles, teasers, and body were not respecting access permissions, potentially exposing content to syndication not available otherwise. ------------VERSIONS AFFECTED------------ * Atom for Drupal 4.7.x before Atom 4.7.x-1.0 * Atom for Drupal 5.x before Atom 5.x-1.0 Drupal core is not affected. If you do not use the contributed Atom module, there is nothing you need to do. Furthermore, if your site does not use more advanced per-node access controls, there is nothing you need to do. ------------SOLUTION------------ Install the latest version: * If you use Drupal 4.7.x upgrade to Atom 4.7.x-1.0 [ http://drupal.org/node/208530 ]. * If you use Drupal 5.x upgrade to Atom 5.x-1.0 [ http://drupal.org/node/198078 ]. See also the Atom project page [ http://drupal.org/project/atom ]. ------------REPORTED BY------------ Samik [ http://drupal.org/user/6917 ]. ------------CONTACT------------ The security contact for Drupal can be reached at security at drupal.org or via the form at [ http://drupal.org/contact ]. |
|
| Pagina 1 van 1 | Alle tijden zijn UTC + 1 uur |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|