=================================================================== CERT-Renater Note d'Information No. 2023/VULN198 _____________________________________________________________________ DATE : 19/05/2023 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running File Chooser Field for Drupal versions prior to 7.x-1.13, S3 File System for Drupal versions prior to 8.x-3.2. ====================================================================https://www.drupal.org/sa-contrib-2023-015 https://www.drupal.org/sa-contrib-2023-014 _____________________________________________________________________ File Chooser Field - Moderately critical - Server Side Request Forgery, Information Disclosure - SA-CONTRIB-2023-015 Project: File Chooser Field Date: 2023-May-17 Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:None/E:Exploit/TD:All Vulnerability: Server Side Request Forgery, Information Disclosure Description: The File Chooser Field allows users to upload files using 3rd party plugins such as Google Drive and Dropbox. This module fails to validate user input sufficiently which could *under certain circumstances lead to a Server Side Request Forgery (SSRF) vulnerability leading to Information Disclosure. In uncommon configurations and scenarios, it might lead to Remote Code Execution. Solution: If you use File Chooser Field version 7.x-1.x, Upgrade to 7.x-1.13 Reported By: Drew Webber of the Drupal Security Team George Hazlewood Fixed By: Drew Webber of the Drupal Security Team aaron.ferris Coordinated By: Greg Knaddison of the Drupal Security Team _____________________________________________________________________ S3 File System - Moderately critical - Access bypass - SA-CONTRIB-2023-014 Project: S3 File System Version: 8.x-3.1 8.x-3.0 8.x-3.0-rc2 8.x-3.0-rc1 8.x-3.0-beta7 8.x-3.0-beta6 8.x-3.0-beta5 8.x-3.0-beta4 8.x-3.0-beta3 8.x-3.0-beta2 8.x-3.0-beta1 8.x-3.0-alpha17 Date: 2023-May-03 Security risk: Moderately critical 13∕25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:All Vulnerability: Access bypass Description: S3 File System (s3fs) provides an additional file system to your Drupal site, which stores files in Amazon's Simple Storage Service (S3) or any other S3-compatible storage service. This module may fail to validate that a file being requested to be moved to storage was uploaded during the same web request, possibly allowing an attacker to move files that should normally be inaccessible to them. This vulnerability is mitigated by the fact that another vulnerability must already exist outside of s3fs. Solution: Install the latest version: If you use the S3 File System module for Drupal 8.x, upgrade to s3fs 8.x-3.2 Reported By: Conrad Lara Fixed By: Conrad Lara Coordinated By: Greg Knaddison of the Drupal Security Team ========================================================+ CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =======================================================