[Security-news] Drupal voor Gemeenten - Moderately critical - Access Bypass - SA-CONTRIB-2019-031
security-news at drupal.org
security-news at drupal.org
Wed Mar 6 19:01:54 UTC 2019
View online: https://www.drupal.org/sa-contrib-2019-031
Project: Drupal voor Gemeenten [1]
Date: 2019-March-06
Security risk: *Moderately critical* 13∕25
AC:None/A:None/CI:None/II:Some/E:Theoretical/TD:Uncommon [2]
Vulnerability: Access Bypass
Description:
The DvG distrubition contains the feature module dvg_domains to support
multiple domains.
When the dvg_domains feature module is enabled, anonymous users are able to
access some administration pages and change the settings exposed on those
pages.
This issue can be mitigated by disabling the dvg_domains module.
Solution:
Install the latest version:
* If you use the module dvg_domains from the DvG distribution upgrade to
DvG
7.x-1.9 [3]
Reported By:
* Bernard Skibinski [4]
Fixed By:
* paulvandenburg [5]
Coordinated By:
* Greg Knaddison [6] of the Drupal Security Team
[1] https://www.drupal.org/project/dvg
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/dvg/releases/7.x-1.9
[4] https://www.drupal.org/user/807452
[5] https://www.drupal.org/user/3304805
[6] https://www.drupal.org/u/greggles
More information about the Security-news
mailing list