------------SA-2008-003 - BUEDITOR - CSRF------------
* Advisory ID: DRUPAL-SA-2008-003
* Project: BUEditor (third-party module)
* Version: 4.7.x, 5.x
* Date: 2008-January-10
* Security risk: Not critical
* Exploitable from: Remote
* Vulnerability: Cross site request forgery
------------DESCRIPTION------------
BUEditor is a plain textarea editor aiming to facilitate code writing. It supports completely customizable interface and button functionality via role-based editors.
The Drupal Forms API protects against cross site request forgeries (CSRF), where a malicous site can cause a user to unintentionally submit a form to a site where he is authenticated. The editor deletion form does not follow the standard Forms API submission model and is therefore not protected against this type of attack. A CSRF attack may result in the deletion of custom editor interfaces.
------------VERSIONS AFFECTED------------
* BUEditor for Drupal 4.7.x before BUEditor 4.7.x-1.0
* BUEditor for Drupal 5.x before BUEditor 5.x-1.1
Drupal core is not affected. If you do not use the contributed BUEditor module, there is nothing you need to do.
------------SOLUTION------------
Install the latest version:
* If you use Drupal 4.7.x upgrade to BUEditor 4.7.x-1.1 [
http://drupal.org/node/206861 ].
* If you use Drupal 5.x upgrade to BUEditor 5.x-1.1 [
http://drupal.org/node/206858 ].
See also the BUEditor project page [
http://drupal.org/project/bueditor ].
------------REPORTED BY------------
Stéphane Corlosquet (scor) [
http://drupal.org/user/52142 ].
------------CONTACT------------
The security contact for Drupal can be reached at security at drupal.org or via the form at [
http://drupal.org/contact ]