[Security-news] Metatag - Moderately critical - Information disclosure - SA-CONTRIB-2019-058
security-news at drupal.org
security-news at drupal.org
Wed Jul 24 19:19:20 UTC 2019
View online: https://www.drupal.org/sa-contrib-2019-058
Project: Metatag [1]
Date: 2019-July-24
Security risk: *Moderately critical* 13∕25
AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon [2]
Vulnerability: Information disclosure
Description:
This module enables you to customize meta tags to help with a site's search
engine ranking and improve the display of page summaries when shared on
social networks.
The module doesn't sufficiently check for a site being in maintenance mode.
This vulnerability is mitigated by the fact that the site must be configured
to disallow access to certain content, and must be put into maintenance mode.
Solution:
Install the latest version:
* If you use the Metatag module for Drupal 8.x, upgrade to Metatag 8.x-1.9
[3]
Also see the Metatag [4] project page.
Reported By:
* Shloma [5]
Fixed By:
* Damien McKenna [6] of the Drupal Security Team
Coordinated By:
* Damien McKenna [7] of the Drupal Security Team
[1] https://www.drupal.org/project/metatag
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/metatag/releases/8.x-1.9
[4] https://www.drupal.org/project/metatag
[5] https://www.drupal.org/user/2858019
[6] https://www.drupal.org/user/108450
[7] https://www.drupal.org/u/damienmckenna
More information about the Security-news
mailing list