Will Drupal become obsolete

Critical vulnerabilities in Drupal modules

Anyone who creates websites with the CMS Drupal and uses the Module Group and Hostmaster (Aegir) should install the available updates. Otherwise, in the worst case scenario, attackers could execute malicious code on servers.

With the group module you can assign user rights for certain areas of websites. If attacks are lifted, attackers could leak information. Drupal classifies the gap as "critical"a. Further information on the prerequisites for an attack can be found in a warning message. This affects version 8.x-1.x-dev. Versions 8.x-1.0-rc5 and 8.x-1.1 are secured.

Aegir is used to manage various Drupal sites. Due to an as "moderately critical"With a classified vulnerability, attackers could, for example, acquire root rights on Apache web servers. However, an attacker must already have access to an Aegir account. How admins can secure their pages is described by the Drupal developers in a warning.


Comment on the post


Whether security gaps, viruses or Trojans - all security-relevant messages are available from heise Security

E-mail address

You can find detailed information on the dispatch procedure and your cancellation options in our data protection declaration.

Ad ad