Drupal 7.x < 7.102 / 10.2.x < 10.2.11 / 10.3.x < 10.3.9 / 11.x < 11.0.8 Multiple Vulnerabilities (drupal-2024-11-20)

high Nessus Plugin ID 211656

Synopsis

A PHP application running on the remote web server is affected by multiple vulnerabilities.

Description

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.102, 10.2.x prior to 10.2.11, 10.3.x prior to 10.3.9, or 11.x prior to 11.0.8. It is, therefore, affected by multiple vulnerabilities.

- Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable. This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to unserialize(). There are no such known exploits in Drupal core. To help protect against this potential vulnerability, some additional checks have been added to Drupal core's database code. If you use a third-party database driver, check the release notes for additional configuration steps that may be required in certain cases. (SA-CORE-2024-008)

- Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable. This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to unserialize(). There are no such known exploits in Drupal core. To help protect against this potential vulnerability, types have been added to properties in some of Drupal core's classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a TypeError. (SA-CORE-2024-007)

- Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Artbitrary File Deletion. It is not directly exploitable. This issue is mitigated by the fact that in order to be exploitable, a separate vulnerability must be present that allows an attacker to pass unsafe input to unserialize(). There are no such known exploits in Drupal core. To help protect against this vulnerability, types have been added to properties in some of Drupal core's classes.
If an application extends those classes, the same types may need to be specified on the subclass to avoid a TypeError. (SA-CORE-2024-006)

- Drupal 7 core's Overlay module doesn't safely handle user input, leading to reflected cross-site scripting under certain circumstances. Only sites with the Overlay module enabled are affected by this vulnerability. (SA-CORE-2024-005)

- Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user.
This may lead to data integrity issues. (SA-CORE-2024-004)

- Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized. (SA-CORE-2024-003)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Drupal version 7.102 / 10.2.11 / 10.3.9 / 11.0.8 or later.

Plugin Details

Severity: High

ID: 211656

File Name: drupal_11_0_8.nasl

Version: 1.1

Type: remote

Family: CGI abuses

Published: 11/20/2024

Updated: 11/20/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:drupal:drupal

Required KB Items: installed_sw/Drupal, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 11/20/2024

Vulnerability Publication Date: 11/20/2024

Detections

Analytics