Scoutnet vzw

We connect scouts!
Posted: 20 May 2009 21:43
Author: Site Admin

* Advisory ID: DRUPAL-SA-CONTRIB-2009-029
* Project: Views Bulk Operations (third-party module)
* Version: 5.x, 6.x
* Date: 2009-May-20
* Security risk: Medium
* Exploitable from: Remote
* Vulnerability: Access bypass

-------- DESCRIPTION ---------------------------------------------------------

Views Bulk Operations allows registered procedures (called actions) to be applied to a result set of Drupal nodes returned by the Views module. Through the Views Bulk Operations interface, users who are not authorized to update specific nodes or classes of nodes can still apply actions that modify these nodes, thereby violating user permissions.

-------- VERSIONS AFFECTED ---------------------------------------------------

* Views Bulk Operations 5.x-1.x prior to 5.x-1.4
* Views Bulk Operations 6.x-1.x prior to 6.x-1.7

Drupal core is not affected. If you do not use the contributed Views Bulk Operations module, there is nothing you need to do.

-------- SOLUTION ------------------------------------------------------------

Install the latest version:
* If you use Views Bulk Operations 5.x-1.x, upgrade to Views Bulk Operations 5.x-1.4 [1]
* If you use Views Bulk Operations 6.x-1.x, upgrade to Views Bulk Operations 6.x-1.7 [2]

See also the Views Bulk Operations project page [3].

-------- REPORTED BY ---------------------------------------------------------

Shawn McElroy (bigmack83) [4]

-------- FIXED BY ------------------------------------------------------------

Karim Ratib (kratib) [5]

-------- CONTACT -------------------------------------------------------------

The security team for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.


[1] http://drupal.org/node/468374
[2] http://drupal.org/node/468366
[3] http://drupal.org/project/views_bulk_operations
[4] http://drupal.org/user/248940
[5] http://drupal.org/user/48424
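
A check for the affected releases listed in the advisory, added here as an example (it is not code from the advisory or from the module): it reads the `version` line of a module `.info` file and compares it with the fixed releases 5.x-1.4 and 6.x-1.7. The sample `.info` text is constructed, and reporting dev snapshots and pre-releases of the fixed version as needing manual review is an assumption of this example.

```python
import re

# First fixed patch level per branch, taken from the advisory text.
FIXED = {"5.x-1": 4, "6.x-1": 7}

# Drupal contrib version strings: <core>.x-<major>.<patch|x>[-<extra>]
VERSION_RE = re.compile(r'^(\d+)\.x-(\d+)\.(\d+|x)(?:-([A-Za-z]+)(\d*))?$')
INFO_VERSION_RE = re.compile(r'^\s*version\s*=\s*"?([^"\s]+)"?\s*$', re.M)

# Constructed sample of a packaged views_bulk_operations.info file.
SAMPLE_INFO = '''; constructed sample, not a real release file
name = Views Bulk Operations
core = 6.x
version = "6.x-1.6"
project = "views_bulk_operations"
'''

def info_version(info_text):
    """Return the version string declared in a module .info file, or None."""
    m = INFO_VERSION_RE.search(info_text)
    return m.group(1) if m else None

def classify(version):
    """Map a version string to 'affected', 'fixed', 'not-listed' or 'review'."""
    m = VERSION_RE.match(version or "")
    if not m:
        return "review"              # missing or unparseable version line
    core, major, patch, extra, _ = m.groups()
    branch = f"{core}.x-{major}"
    if branch not in FIXED:
        return "not-listed"          # branch is not named in the advisory
    if patch == "x":
        return "review"              # dev snapshot: patch level is unknown
    patch = int(patch)
    if patch < FIXED[branch]:
        return "affected"
    if patch == FIXED[branch] and extra:
        return "review"              # assumption: rc/beta of the fixed release
    return "fixed"

def check_info(info_text):
    """Return (version, status) for the contents of a .info file."""
    version = info_version(info_text)
    return version, classify(version)

if __name__ == "__main__":
    print(check_info(SAMPLE_INFO))
```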

