Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-3DA0352F-2397-11EA-966E-000FFEC0B3E1: drupal -- Drupal Core - Multiple Vulnerabilities

Back to Search

FreeBSD: VID-3DA0352F-2397-11EA-966E-000FFEC0B3E1: drupal -- Drupal Core - Multiple Vulnerabilities

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
12/18/2019
Created
12/24/2019
Added
12/22/2019
Modified
12/22/2019

Description

Drupal Security Team reports:

A visit to install.php can cause cached data to become corrupted.

This could cause a site to be impaired until caches are rebuilt.

Drupal 8 core's file_save_upload() function does not strip the

leading and trailing dot ('.') from filenames, like Drupal 7 did.

Users with the ability to upload files with any extension in

conjunction with contributed modules may be able to use this to

upload system files such as .htaccess in order to bypass protections

afforded by Drupal's default .htaccess file. After this fix,

file_save_upload() now trims leading and trailing dots from filenames.

The Media Library module has a security vulnerability whereby it

doesn't sufficiently restrict access to media items in certain

configurations.

The Drupal project uses the third-party library Archive_Tar, which

has released a security-related feature that impacts some Drupal

configurations. Multiple vulnerabilities are possible if Drupal is

configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and

processes them. The latest versions of Drupal update Archive_Tar to

1.4.9 to mitigate the file processing vulnerabilities.

Solution(s)

  • freebsd-upgrade-package-drupal7
  • freebsd-upgrade-package-drupal8

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;