
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN631
_____________________________________________________________________

DATE                : 20/11/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running SAML Service Provider for Drupal,
                          Ink Filepicker for Drupal,
                          Media: oEmbed for Drupal,
                          Examples for Developers for Drupal.

=====================================================================
https://www.drupal.org/sa-contrib-2020-038
https://www.drupal.org/sa-contrib-2020-037
https://www.drupal.org/sa-contrib-2020-036
https://www.drupal.org/sa-contrib-2020-035
_____________________________________________________________________

SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider - Critical -
Access bypass - SA-CONTRIB-2020-038

Project:         SAML SP 2.0 Single Sign On (SSO) - SAML Service
                      Provider
Date:            2020-November-18
Security risk:
Critical 16∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability:   Access bypass


Description:

This module enables your users residing at a SAML 2.0 compliant Identity
Provider to login to your Drupal website.

The module has two Authentication Bypass vulnerabilities.


Solution:

Install the latest version:

    If you use the miniorange_saml module for Drupal 8.x, upgrade to
      miniorange_saml 8.x-2.14
    If you use the miniorange_saml module for Drupal 7.x, upgrade to
      miniorange_saml 7.x-2.54


Reported By:

    Heine of the Drupal Security Team
    Michael Mazzolini


Fixed By:

    abhay19


Coordinated By:

    Heine of the Drupal Security Team
    Chris McCafferty of the Drupal Security Team

_____________________________________________________________________

Ink Filepicker - Critical - Unsupported - SA-CONTRIB-2020-037


Project:           Ink Filepicker
Date:              2020-November-18
Security risk:
Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability:     Unsupported


Description:

The security team is marking this project unsupported. There is a known
security issue with the project that has not been fixed by the
maintainer.

It looks like the 3rd party service that this module integrates with may
have been retired.

If you would like to maintain this project nevertheless, please read:
https://www.drupal.org/node/251466#procedure---own-project---unsupported


Solution:

If you use this project, you should uninstall it. To take over
maintainership, please read
https://www.drupal.org/node/251466#procedure---own-project---unsupported
in full.

_____________________________________________________________________

Media: oEmbed - Critical - Remote Code Execution - SA-CONTRIB-2020-036


Project:           Media: oEmbed
Date:              2020-November-18
Security risk:
Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability:    Remote Code Execution


Description:

Media oEmbed does not properly sanitize certain filenames as described
in SA-CORE-2020-012.


Solution:

Install the latest version:

    Upgrade to Media oEmbed 7.x-2.8


Reported By:

    Alex Pott of the Drupal Security Team


Fixed By:

    Samuel Mortenson of the Drupal Security Team
    Alex Pott of the Drupal Security Team
    Drew Webber of the Drupal Security Team


Coordinated By:

    Samuel Mortenson of the Drupal Security Team
    Alex Pott of the Drupal Security Team
    Drew Webber of the Drupal Security Team
    xjm of the Drupal Security Team

_____________________________________________________________________

Examples for Developers - Critical - Remote Code Execution -
SA-CONTRIB-2020-035


Project:          Examples for Developers
Date:             2020-November-18
Security risk:
Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability:    Remote Code Execution


Description:

The File Example submodule within the Examples project does not properly
sanitize certain filenames as described in SA-CORE-2020-012, along with
other related vulnerabilities.

Therefore, File Example is being removed from Examples until a
version demonstrating file security best practices can be added back in
the future.


Solution:

Any sites that have the File Example submodule installed should
uninstall it immediately.

Then, install the latest version of Examples:

    If you use Examples 3 (Drupal 9-compatible), upgrade to Examples 3.0.2
    If you use the Examples module's 8.x-1.x branch, upgrade to Examples
      8.x-1.1


Reported By:

    Alex Pott of the Drupal Security Team


Fixed By:

    Valery Lourie
    Samuel Mortenson of the Drupal Security Team
    Jess (xjm) of the Drupal Security Team
    Alex Pott of the Drupal Security Team


Coordinated By:

    Michael Hess of the Drupal Security Team
    Jess (xjm) of the Drupal Security Team
    Drew Webber of the Drupal Security Team
    Alex Pott of the Drupal Security Team
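

A check of installed versions against the fixed releases named in the four
advisories above, added here as an example and not part of the CERT-Renater or
Drupal text. The inventory is constructed and keyed by the advisories' project
names (an assumption: map them to the module names your site reports); version
components are compared numerically because comparing the strings would rank
8.x-2.9 above 8.x-2.14.

```python
import re

# Fixed release per branch, as named in the advisories above.
FIXED = {
    "miniorange_saml": {"8.x-2": "8.x-2.14", "7.x-2": "7.x-2.54"},
    "Media oEmbed": {"7.x-2": "7.x-2.8"},
    "Examples": {"3": "3.0.2", "8.x-1": "8.x-1.1"},
}
# Projects the advisories say to uninstall rather than upgrade.
UNINSTALL = {"Ink Filepicker", "File Example"}

VERSION_RE = re.compile(r"(?:(\d+\.x)-)?(\d+)\.(\d+)(?:\.(\d+))?(-\w+)?")


def parse(version):
    """Split '8.x-2.13' or '3.0.1' into (branch, sortable tuple)."""
    m = VERSION_RE.fullmatch(version)
    if not m:
        raise ValueError(f"unrecognised version: {version}")
    core, major, minor, patch, suffix = m.groups()
    branch = f"{core}-{major}" if core else major
    # A pre-release suffix (-rc1, -beta2) sorts before the plain release.
    return branch, (int(minor), int(patch or 0), 0 if suffix else 1)


def status(project, version):
    """Return the action the advisories call for, for one installed project."""
    if project in UNINSTALL:
        return "uninstall"
    if project not in FIXED:
        return "not listed"
    try:
        branch, installed = parse(version)
    except ValueError:
        return "review"  # e.g. a -dev snapshot with no release number
    fixed = FIXED[project].get(branch)
    if fixed is None:
        return "review"  # branch for which the advisory names no fixed release
    return "ok" if installed >= parse(fixed)[1] else f"upgrade to {fixed}"


# Constructed inventory (project name -> installed version), for illustration.
INVENTORY = {
    "miniorange_saml": "8.x-2.9",
    "Media oEmbed": "7.x-2.8",
    "Examples": "3.0.1",
    "File Example": "3.0.1",
    "Ink Filepicker": "7.x-1.0",
}

if __name__ == "__main__":
    for name, ver in INVENTORY.items():
        print(f"{name:16} {ver:10} {status(name, ver)}")
```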



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================



