[Security-news] Drupal voor Gemeenten - Moderately critical - Access Bypass - SA-CONTRIB-2019-031

security-news at drupal.org security-news at drupal.org
Wed Mar 6 19:01:54 UTC 2019


View online: https://www.drupal.org/sa-contrib-2019-031

Project: Drupal voor Gemeenten [1]
Date: 2019-March-06
Security risk: *Moderately critical* 13∕25
AC:None/A:None/CI:None/II:Some/E:Theoretical/TD:Uncommon [2]
Vulnerability: Access Bypass

Description: 
The DvG distrubition contains the feature module dvg_domains to support
multiple domains.

When the dvg_domains feature module is enabled, anonymous users are able to
access some administration pages and change the settings exposed on those
pages.

This issue can be mitigated by disabling the dvg_domains module.

Solution: 
Install the latest version:

   * If you use the module dvg_domains from the DvG distribution upgrade to 
DvG
     7.x-1.9 [3]

Reported By: 
   * Bernard Skibinski  [4]

Fixed By: 
   * paulvandenburg  [5]

Coordinated By: 
   * Greg Knaddison [6] of the Drupal Security Team


[1] https://www.drupal.org/project/dvg
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/dvg/releases/7.x-1.9
[4] https://www.drupal.org/user/807452
[5] https://www.drupal.org/user/3304805
[6] https://www.drupal.org/u/greggles



More information about the Security-news mailing list