Detections
Analytics

Drupal 7.0.x < 7.69 / 8.7.x < 8.7.11 / 8.8.x < 8.8.1 Multiple Vulnerabilities (drupal-2019-12-18)

critical Nessus Plugin ID 132340

Language:

Synopsis

A PHP application running on the remote web server is affected by multiple vulnerabilities.

Description

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.69, 8.7.x prior to 8.7.11, or 8.8.x prior to 8.8.1. It is, therefore, affected by multiple vulnerabilities.

 - The Drupal project uses the third-party library Archive_Tar, which has released a security update that impacts some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The latest versions of Drupal update Archive_Tar to 1.4.9 to mitigate the file processing vulnerabilities. (SA-CORE-2019-012)

 - The Media Library module has a security vulnerability whereby it doesn't sufficiently restrict access to media items in certain configurations. (SA-CORE-2019-011)

 - Drupal 8 core's file_save_upload() function does not strip the leading and trailing dot ('.') from filenames, like Drupal 7 did. Users with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such as .htaccess in order to bypass protections afforded by Drupal's default .htaccess file. After this fix, file_save_upload() now trims leading and trailing dots from filenames. (SA-CORE-2019-010)

 - A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt. (SA-CORE-2019-009)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Drupal version 7.69 / 8.7.11 / 8.8.1 or later.

See Also

https://www.drupal.org/project/drupal/releases/7.69

https://www.drupal.org/project/drupal/releases/8.7.11

https://www.drupal.org/project/drupal/releases/8.8.1

https://www.drupal.org/sa-core-2019-009

https://www.drupal.org/sa-core-2019-010

https://www.drupal.org/sa-core-2019-011

https://www.drupal.org/sa-core-2019-012

Plugin Details

Severity: Critical

ID: 132340

File Name: drupal_8_8_1.nasl

Version: 1.4

Type: remote

Family: CGI abuses

Published: 12/20/2019

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the vendor advisory.

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:drupal:drupal

Required KB Items: Settings/ParanoidReport, installed_sw/Drupal

Patch Publication Date: 12/18/2019

Vulnerability Publication Date: 12/18/2019