Drupal security advisory (AV26-175)
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in Drupal Contributed Modules (AV26-175)
## CVE Details
*Note: CVE identifiers for these issues are assigned in the individual Drupal project advisories linked from the Drupal security page, not in the CCCS bulletin. The fields below therefore reflect what the bulletin states; anything marked as inferred should be confirmed against each project advisory before it is used for prioritisation.*
- **CVE ID:** Pending / Multiple (refer to the Drupal Security Advisories link)
- **Risk rating:** Varies per module, from Moderately critical to Highly critical. This is the Drupal Security Team's own risk scale, not a CVSS base score; no single CVSS value applies to the set.
- **CWE:** Not stated in the bulletin. Given the module types, plausible weakness classes include CWE-79 (Cross-site Scripting), CWE-352 (Cross-Site Request Forgery) and CWE-287 (Improper Authentication); treat this as inferred.
## Affected Systems
- **Products:** 9 Specific Drupal Contributed Modules
- **Versions:**
- **Material Icons:** Versions prior to 2.0.4
- **Theme Negotiation by Rules:** Versions prior to 1.2.1
- **Tagify:** Versions prior to 1.2.49
- **Anti-Spam by CleanTalk:** Versions prior to 9.7.0
- **CAPTCHA:** 1.x releases prior to 1.17.0; 2.x releases from 2.0.0 through 2.0.9 (i.e. prior to 2.0.10)
- **Islandora:** Versions prior to 2.17.5
- **Drupal Canvas:** Versions prior to 1.1.1
- **SAML SSO - Service Provider:** Versions prior to 3.1.3
- **Responsive Favicons:** Versions prior to 2.0.2
- **Configurations:** Drupal sites with any of these contributed modules installed and enabled. A site is not exposed through a module that is present in the codebase but not enabled, although it should still be updated.
## Vulnerability Description
This advisory covers security flaws across nine Drupal contributed modules. The CCCS bulletin lists only the affected projects and fixed versions; the classes below are those typical of such modules and are inferred, not taken from the bulletin:
- **Cross-Site Scripting (XSS):** User-supplied input rendered into pages without adequate sanitization or escaping.
- **Access Control Bypasses:** Most consequential in authentication-adjacent modules such as SAML SSO - Service Provider, and in Theme Negotiation by Rules, where a bypass can expose a theme or route meant for a restricted audience.
- **Form Validation Bypasses:** Relevant to CAPTCHA and Anti-Spam by CleanTalk, where a bypass lets automated submissions through a control the site relies on.
## Exploitation
- **Status:** Not reported as exploited in the wild in the bulletin. Public proof-of-concept code for contributed-module issues often appears shortly after the project advisory is published, so the window for patching should be treated as short.
- **Complexity:** Not stated in the bulletin; for the inferred classes above it is generally low to medium.
- **Attack Vector:** Network (remote). All of the affected modules expose web-facing functionality.
## Impact
- **Confidentiality:** Low to Moderate
- **Integrity:** Moderate to High (an authentication or access-control bypass could allow privileged content or configuration changes, up to site takeover)
- **Availability:** Low to Moderate
## Remediation
### Patches
Administrators should update the affected modules to the following versions or later. On Composer-managed sites, update through Composer so that the lock file records the new release, then run database updates (`drush updatedb`) and rebuild caches (`drush cache:rebuild`), since module updates may ship schema or configuration changes.
- **Material Icons:** 2.0.4
- **Theme Negotiation by Rules:** 1.2.1
- **Tagify:** 1.2.49
- **Anti-Spam by CleanTalk:** 9.7.0
- **CAPTCHA:** 1.17.0 or 2.0.10
- **Islandora:** 2.17.5
- **Drupal Canvas:** 1.1.1
- **SAML SSO - Service Provider:** 3.1.3
- **Responsive Favicons:** 2.0.2
### Workarounds
- If updates cannot be applied immediately, disable the affected modules. Weigh this per module: disabling CAPTCHA or Anti-Spam by CleanTalk removes a protective control rather than an exposure (expect a rise in spam submissions), and disabling SAML SSO - Service Provider breaks federated login, so an alternative authentication path must be in place first.
- Restrict administrative paths (for example `/admin` and `/user/login`) to trusted IP ranges at the web server or WAF to reduce the reachable surface for any configuration- or authentication-related flaw.
## Detection
- **Indicators of compromise:** Unusual administrative logins (in particular SAML-initiated sessions for accounts that do not normally use SSO), unexpected changes to theme, icon or favicon assets, and a sudden increase in form submissions that pass CAPTCHA or anti-spam checks.
- **Detection methods:** List installed module versions with `drush pm:list` (the `pm-list` alias still works) or `composer show 'drupal/*'`, and compare them against the fixed versions above. `drush pm:security` and `composer audit` (Composer 2.4 and later) check `composer.lock` against published security advisories once the project advisories are indexed. The built-in "Available updates" report under Reports in the administration UI flags outdated modules as well.
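The comparison described above, as an added example that is not part of the CCCS bulletin or of any Drupal project: a small shell audit that reads `composer show`-style lines (package name, installed version) and reports which modules sit below the fixed versions listed in this advisory. It handles the legacy `8.x-` prefix on version strings and CAPTCHA's two branches. The Composer package names are assumed to follow the usual `drupal/<machine_name>` pattern and must be confirmed against each project's drupal.org page; Theme Negotiation by Rules, Drupal Canvas and SAML SSO - Service Provider are left out of the table because the page gives no package name for them. The input at the bottom is constructed sample data, not output from a real site.

```shell
#!/usr/bin/env bash
# Added example; not taken from the CCCS bulletin or any Drupal project.
# Flags installed contributed modules that are below the fixed versions
# listed for AV26-175. Input lines look like `composer show` output:
#   drupal/captcha  2.0.9  Provides CAPTCHA challenges ...
# ASSUMPTION: the drupal/<machine_name> package names below are guesses and
# must be verified against drupal.org before this is relied upon.
set -eu

# version_lt A B: true when A is strictly lower than B, comparing dot-separated
# components numerically. A leading core prefix such as "8.x-" is dropped;
# non-numeric components (e.g. "dev") are treated as 0.
version_lt() {
  a=${1#*.x-}; b=${2#*.x-}
  while [ -n "$a$b" ]; do
    x=${a%%.*}; y=${b%%.*}
    case "$x" in ''|*[!0-9]*) x=0 ;; esac
    case "$y" in ''|*[!0-9]*) y=0 ;; esac
    if [ "$x" -lt "$y" ]; then return 0; fi
    if [ "$x" -gt "$y" ]; then return 1; fi
    case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
    case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
  done
  return 1
}

# fixed_version PACKAGE INSTALLED: print the fixed release for the branch the
# installed version belongs to; print nothing if the package is not in AV26-175.
# CAPTCHA has two supported branches (1.x and 2.x), so its answer is branch-dependent.
fixed_version() {
  v=${2#*.x-}
  case "$1" in
    drupal/material_icons)      echo 2.0.4 ;;
    drupal/tagify)              echo 1.2.49 ;;
    drupal/cleantalk)           echo 9.7.0 ;;
    drupal/captcha)
      case "$v" in
        2.*) echo 2.0.10 ;;
        *)   echo 1.17.0 ;;
      esac ;;
    drupal/islandora)           echo 2.17.5 ;;
    drupal/responsive_favicons) echo 2.0.2 ;;
    # Theme Negotiation by Rules, Drupal Canvas and SAML SSO - Service Provider:
    # package names not given on the page; add them once confirmed on drupal.org.
    *) ;;
  esac
}

# check PACKAGE INSTALLED: one status line for the package.
check() {
  fix=$(fixed_version "$1" "$2")
  if [ -z "$fix" ]; then
    echo "SKIP       $1 $2 (not covered by AV26-175)"
  elif version_lt "$2" "$fix"; then
    echo "VULNERABLE $1 $2 (fix: $fix)"
  else
    echo "OK         $1 $2 (fix: $fix)"
  fi
}

# audit: read "name version ..." lines on stdin, print one status line each,
# and return non-zero if any package is below its fixed version.
audit() {
  vuln=0
  while read -r name version _; do
    [ -n "$name" ] || continue
    line=$(check "$name" "$version")
    echo "$line"
    case "$line" in VULNERABLE*) vuln=$((vuln + 1)) ;; esac
  done
  [ "$vuln" -eq 0 ]
}

# Constructed sample standing in for `composer show 'drupal/*'` on a real site.
sample='drupal/captcha 2.0.9 Provides CAPTCHA for forms
drupal/tagify 1.2.49 Tag input widget
drupal/cleantalk 8.x-9.6.0 Anti-spam service
drupal/token 1.15.0 Token replacement'

# Real use: composer show 'drupal/*' | audit
printf '%s\n' "$sample" | audit || echo "one or more modules need updating"
```

The numeric comparison is deliberate: lexical comparison would rank `2.0.9` above `2.0.10` and miss exactly the CAPTCHA case this advisory fixes. A non-zero exit from `audit` makes the script usable as a CI or cron gate.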
## References
- **Drupal Security Advisories:** hxxps[://]www[.]drupal[.]org/security
- **CCCS Advisory:** hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/drupal-security-advisory-av26-175