oss-sec mailing list archives
Re: CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)
From: Pere Orga <pere () orga cat>
Date: Wed, 2 Sep 2015 22:17:35 +0200
Hi

On Tue, Aug 18, 2015 at 6:30 PM, <cve-assign () mitre org> wrote:
[..]

> Novalnet Payment Module Ubercart - SQL Injection - SA-CONTRIB-2015-116
> https://www.drupal.org/node/2499787
>
> The module fails to sanitize a database query by not using the database API properly, thereby leading to a SQL Injection vulnerability.
>
> Use CVE-2015-5504.
>
> Since the affected path is not protected against CSRF, a malicious user can exploit this vulnerability by triggering a request to a specially-crafted URL.
>
> It is not clear to us if this CSRF issue is exploitable. The attack seems to be against a Novalnet employee, but it is not known if Novalnet employees have access to the specific IP in a way that would make the exploit feasible.

At the time Novalnet was notified, they did not provide any details but acknowledged the issue and stated their will to fix it. It is not certain if the issue is exploitable.

> Novalnet Payment Module Drupal Commerce - SQL Injection - SA-CONTRIB-2015-117
> https://www.drupal.org/node/2499791
>
> We believe that the Novalnet Payment Module Drupal Commerce module may share a codebase with the Novalnet Payment Module Ubercart module in SA-CONTRIB-2015-116. If you can confirm that the vulnerable code in SA-CONTRIB-2015-117 is different from the code in SA-CONTRIB-2015-116, then we will issue a separate CVE ID. Otherwise, use CVE-2015-5504 for this vulnerability.

It is the same vulnerable code, so we'll reuse CVE-2015-5504.

[..]

> jQuery Update - Open Redirect - SA-CONTRIB-2015-123
> https://www.drupal.org/node/2507729
>
> LABjs - Open Redirect - SA-CONTRIB-2015-124
> https://www.drupal.org/node/2507735
>
> Acquia Cloud Site Factory Connector - Open Redirect - SA-CONTRIB-2015-125
> https://www.drupal.org/node/2507741
>
> A new CVE might not be necessary. We believe that SA-CONTRIB-2015-123, SA-CONTRIB-2015-124, and SA-CONTRIB-2015-125 share the same codebase (Overlay JavaScript file) as the Overlay module in SA-CORE-2015-002, which has been issued CVE-2015-3233.

Yes, these projects were affected in the same way because they shared the same vulnerable code of Drupal core. Reusing CVE-2015-3233.

Updating our records, thanks.

Regards
Pere Orga on behalf of the Drupal Security Team