Scoutnet vzw http://forum.scoutnet.be/

[Drupal] Security announcements: Simple access-Access bypass http://forum.scoutnet.be/viewtopic.php?f=19&t=2101

Author: To [ 12 Apr 2008 10:41 ]
Title: [Drupal] Security announcements: Simple access-Access bypass

------------SA-2008-025 - SIMPLE ACCESS - ACCESS BYPASS------------

  * Advisory ID: DRUPAL-SA-2008-025
  * Project: Simple access (third-party module)
  * Version: 5.x-1.*
  * Date: 2008-April-09
  * Security risk: Moderately critical
  * Exploitable from: Remote
  * Vulnerability: Access bypass

------------DESCRIPTION------------

The Simple Access module is a node access module that allows administrators to make some nodes private and/or editable by certain user roles. The module contains a flaw that results in the privacy information for a node being lost under certain conditions. These conditions are usually triggered via the interaction with other modules, such as Node clone [ http://drupal.org/project/node_clone ] or Project issue tracking [ http://drupal.org/project/project_issue ].

------------VERSIONS AFFECTED------------

  * Simple access for Drupal 5.x up to and including version 5.x-1.2-2

Drupal core is not affected. If you do not use the contributed Simple access module, there is nothing you need to do.

------------SOLUTION------------

Install the latest version: Simple access 5.x-1.3 [ http://drupal.org/node/244565 ]

See also the Simple access project page [ http://drupal.org/project/simple_access ].

------------REPORTED BY------------

Derek Wright [ http://drupal.org/user/46549 ] of the Drupal Security Team.

------------CONTACT------------

The security contact for Drupal can be reached at security at drupal.org or via the form at [ http://drupal.org/contact ].

All times are UTC + 1 hour