Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Project:
Date:
2017-November-29
Vulnerability:
CSRF
Description:
This module enables sites to manage public clouds like Amazon EC2 and also private clouds like OpenStack.
The module doesn't sufficiently protect the deletion of audit reports, thereby exposing a cross-site request vulnerability which can be exploited by unprivileged users to trick an administrator into unwanted deletion of audit reports.
This vulnerability is mitigated by the fact that the victim must have a role with the permission "access audit report".
Solution:
Install the latest version:
- If you use the Cloud module for Drupal 7, upgrade to Cloud 7.x-1.7
Reported By:
Fixed By:
- Tatar Balazs Janos
- Yas Naoi the module maintainer
Coordinated By:
