View online: https://www.drupal.org/sa-contrib-2023-039
Project: SafeDelete [1] Version: 1.0.431.0.421.0.411.0.401.0.391.0.381.0.361.0.351.0.341.0.331.0.321.0.311.0.301.0.291.0.281.0.271.0.261.0.251.0.241.0.231.0.221.0.211.0.201.0.191.0.181.0.171.0.161.0.151.0.141.0.131.0.121.0.111.0.101.0.91.0.81.0.71.0.51.0.41.0.31.0.21.0.11.0.0 Date: 2023-August-23 Security risk: *Moderately critical* 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All [2] Vulnerability: Access bypass
Affected versions: <1.0.44 Description: This module aims to prevent broken content references by informing content editors either on delete or archive moderation.
The module provides an "orphaned content" report for broken references, which may reveal titles of unpublished content.
Solution: Install the latest version:
* If you use the SafeDelete module for Drupal 8/9 or 10, please upgrade to SafeDelete 1.0.44 [3]
Reported By: * Christopher Hopper [4]
Fixed By: * Joseph Olstad [5] * Cathy Theys [6] of the Drupal Security Team * James Yao [7] * Christopher Hopper [8]
Coordinated By: * Cathy Theys [9] of the Drupal Security Team * Damien McKenna [10] of the Drupal Security Team * Greg Knaddison [11] of the Drupal Security Team
[1] https://www.drupal.org/project/safedelete [2] https://www.drupal.org/security-team/risk-levels [3] https://www.drupal.org/project/safedelete/releases/1.0.44 [4] https://www.drupal.org/user/116649 [5] https://www.drupal.org/user/1321830 [6] https://www.drupal.org/user/258568 [7] https://www.drupal.org/user/3644558 [8] https://www.drupal.org/user/116649 [9] https://www.drupal.org/user/258568 [10] https://www.drupal.org/user/108450 [11] https://www.drupal.org/user/36762
-
security-news@drupal.org