[Security-news] XML sitemap - Moderately critical - Information Disclosure - SA-CONTRIB-2018-053
security-news at drupal.org
security-news at drupal.org
Wed Jul 18 19:10:06 UTC 2018
View online: https://www.drupal.org/sa-contrib-2018-053
Project: XML sitemap [1]
Date: 2018-July-18
Security risk: *Moderately critical* 13∕25
AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon [2]
Vulnerability: Information Disclosure
Description:
This module enables you to generate XML sitemaps and it helps search engines
to more intelligently crawl a website and keep their results up to date.
The module doesn't sufficiently handle access rights under the scenario of
updating contents from cron execution.
Solution:
* If you use the XML sitemap module for Drupal 7.x, upgrade to XML sitemap
7.x-2.4 [3]
Also see the XML sitemap [4] project page.
Reported By:
* Balazs Janos Tatar [5] Provisional Security Team member
Fixed By:
* Balazs Janos Tatar [6]
* jtsnow [7]
* Tushar Thatikonda [8]
Coordinated By:
* Michael Hess [9] of the Drupal Security Team
[1] https://www.drupal.org/project/xmlsitemap
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/node/2986578
[4] https://www.drupal.org/project/xmlsitemap
[5] https://www.drupal.org/user/649590
[6] https://www.drupal.org/user/649590
[7] https://www.drupal.org/user/171614
[8] https://www.drupal.org/user/1835276
[9] https://www.drupal.org/u/mlhess
More information about the Security-news
mailing list