[Security-news] Facebook Messenger Customer Chat Plugin - Critical - Access bypass - SA-CONTRIB-2019-059
security-news at drupal.org
security-news at drupal.org
Wed Jul 24 19:19:42 UTC 2019
View online: https://www.drupal.org/sa-contrib-2019-059
Project: Facebook Messenger Customer Chat Plugin [1]
Date: 2019-July-24
Security risk: *Critical* 16∕25
AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Access bypass
Description:
The Facebook Messenger Customer Chat Plugin module enables you to add the
Facebook Messenger Customer Chat Plugin to your Drupal site.
The module doesn't require user permissions on the admin page.
Solution:
Install the latest version:
* If you use the Facebook Messenger Customer Chat Plugin module for Drupal
7.x, upgrade to Facebook Messenger Customer Chat Plugin 7.x-1.1 [3]
Also see the Facebook Messenger Customer Chat Plugin [4] project page.
Reported By:
-------- REPORTED BY
---------------------------------------------------------
* Marcelo Vani [5]
Fixed By:
* Marcelo Vani [6]
Coordinated By:
* Michael Hess [7] of the Drupal Security Team
* Greg Knaddison [8] of the Drupal Security Team
[1] https://www.drupal.org/project/fb_messenger_customer_chat_plugin
[2] https://www.drupal.org/security-team/risk-levels
[3]
https://www.drupal.org/project/fb_messenger_customer_chat_plugin/releases/7.x-1.1
[4] https://www.drupal.org/project/fb_messenger_customer_chat_plugin
[5] https://www.drupal.org/user/854220
[6] https://www.drupal.org/user/854220
[7] https://www.drupal.org/user/102818
[8] https://www.drupal.org/user/36762
More information about the Security-news
mailing list