[Security-news] SafeDelete - Moderately critical - Access bypass - SA-CONTRIB-2023-039
security-news at drupal.org
security-news at drupal.org
Wed Aug 23 18:28:36 UTC 2023
View online: https://www.drupal.org/sa-contrib-2023-039
Project: SafeDelete [1]
Version: 1.0.431.0.421.0.411.0.401.0.391.0.381.0.361.0.351.0.341.0.331.0.321.0.311.0.301.0.291.0.281.0.271.0.261.0.251.0.241.0.231.0.221.0.211.0.201.0.191.0.181.0.171.0.161.0.151.0.141.0.131.0.121.0.111.0.101.0.91.0.81.0.71.0.51.0.41.0.31.0.21.0.11.0.0
Date: 2023-August-23
Security risk: *Moderately critical* 13∕25
AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All [2]
Vulnerability: Access bypass
Affected versions: <1.0.44
Description:
This module aims to prevent broken content references by informing content
editors either on delete or archive moderation.
The module provides an "orphaned content" report for broken references, which
may reveal titles of unpublished content.
Solution:
Install the latest version:
* If you use the SafeDelete module for Drupal 8/9 or 10, please upgrade to
SafeDelete 1.0.44 [3]
Reported By:
* Christopher Hopper [4]
Fixed By:
* Joseph Olstad [5]
* Cathy Theys [6] of the Drupal Security Team
* James Yao [7]
* Christopher Hopper [8]
Coordinated By:
* Cathy Theys [9] of the Drupal Security Team
* Damien McKenna [10] of the Drupal Security Team
* Greg Knaddison [11] of the Drupal Security Team
[1] https://www.drupal.org/project/safedelete
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/safedelete/releases/1.0.44
[4] https://www.drupal.org/user/116649
[5] https://www.drupal.org/user/1321830
[6] https://www.drupal.org/user/258568
[7] https://www.drupal.org/user/3644558
[8] https://www.drupal.org/user/116649
[9] https://www.drupal.org/user/258568
[10] https://www.drupal.org/user/108450
[11] https://www.drupal.org/user/36762
More information about the Security-news
mailing list