XML sitemap - Moderately critical - Information Disclosure - SA-CONTRIB-2018-053 - Security-news

18 Jul 2018


      View online: https://www.drupal.org/sa-contrib-2018-053
Project: XML sitemap [1]
Date: 2018-July-18
Security risk: *Moderately critical* 13∕25
AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon [2]
Vulnerability: Information Disclosure
Description: 
This module enables you to generate XML sitemaps and it helps search engines
to more intelligently crawl a website and keep their results up to date.
The module doesn't sufficiently handle access rights under the scenario of
updating contents from cron execution.
Solution: 
   * If you use the XML sitemap module for Drupal 7.x, upgrade to XML sitemap
     7.x-2.4 [3]
Also see the XML sitemap [4] project page.
Reported By: 
   * Balazs Janos Tatar  [5] Provisional Security Team member
Fixed By: 
   * Balazs Janos Tatar  [6]
   * jtsnow  [7]
   * Tushar Thatikonda  [8]
Coordinated By: 
   * Michael Hess [9] of the Drupal Security Team
[1] https://www.drupal.org/project/xmlsitemap
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/node/2986578
[4] https://www.drupal.org/project/xmlsitemap
[5] https://www.drupal.org/user/649590
[6] https://www.drupal.org/user/649590
[7] https://www.drupal.org/user/171614
[8] https://www.drupal.org/user/1835276
[9] https://www.drupal.org/u/mlhess