[Security-news] Menu Import and Export - Critical - Access bypass - SA-CONTRIB-2018-018
security-news at drupal.org
Wed Apr 18 18:54:48 UTC 2018
View online: https://www.drupal.org/sa-contrib-2018-018
Project: Menu Import and Export [1]
Version: 8.x-1.0
Date: 2018-April-18
Security risk: *Critical* 17∕25
AC:Basic/A:None/CI:Some/II:Some/E:Exploit/TD:Uncommon [2]
Vulnerability: Access bypass
Description:
This module exports and imports menu items via the administrative
interface.
The module does not properly restrict access to administrative pages,
allowing anonymous users to export and import menu links.
There is no mitigation for this vulnerability.
Solution:
Update to Menu Import and Export 8.x-1.2 [3].
Reported By:
* Nathan Dentzau [4]
Fixed By:
* Sandeep Reddy [5]
Coordinated By:
* Samuel Mortenson [6] of the Drupal Security Team
* Michael Hess [7] of the Drupal Security Team
[1] https://www.drupal.org/project/menu_export
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/menu_export/releases/8.x-1.2
[4] https://www.drupal.org/u/nathandentzau
[5] https://www.drupal.org/u/sandeepguntaka
[6] https://www.drupal.org/u/samuelmortenson
[7] https://www.drupal.org/u/mlhess