CVE-2017-6924 – REST API can bypass comment approval - Access Bypass - Moderately Critical
https://notcve.org/view.php?id=CVE-2017-6924
In Drupal 8 prior to 8.3.7, when using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the comment entity REST resource enabled, and where an attacker can access a user account on the site with permissions to post comments, or where anonymous users can post comments.
• http://www.securityfocus.com/bid/100368
• http://www.securitytracker.com/id/1039200
• https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
• CWE-269: Improper Privilege Management
CVE-2017-6925
https://notcve.org/view.php?id=CVE-2017-6925
In versions of Drupal 8 core prior to 8.3.7, there is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.
• http://www.securityfocus.com/bid/100368
• http://www.securitytracker.com/id/1039200
• https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
CVE-2017-6920
https://notcve.org/view.php?id=CVE-2017-6920
Drupal 8 core before version 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.
• http://www.securityfocus.com/bid/99211
• http://www.securitytracker.com/id/1038781
• https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
• CWE-19: Data Processing Errors
CVE-2018-14773
https://notcve.org/view.php?id=CVE-2018-14773
An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects \Symfony\Component\HttpFoundation\Request::prepareRequestUri() where X-Original-URL and X_REWRITE_URL are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning.
• http://www.securityfocus.com/bid/104943
• http://www.securitytracker.com/id/1041405
• https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b
• https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
• https://seclists.org/bugtraq/2019/May/21
• https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
• https://www.debian.org/security/2019/dsa-4441
• https://www.drupal.org/SA-CORE-2018-005
CVE-2018-7602 – Drupal Core Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7602
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
• https://www.exploit-db.com/exploits/44557
• https://www.exploit-db.com/exploits/44542
• https://github.com/happynote3966/CVE-2018-7602
• https://github.com/132231g/CVE-2018-7602
• https://github.com/kastellanos/CVE-2018-7602
• http://www.securityfocus.com/bid/103985
• http://www.securitytracker.com/id/1040754
• https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html
• https://www.debian.org/security/2018/dsa-4180
• https://www.drupal.org/sa-core-2018-004