Huge List of Critical but Unsupported Security Vulnerabilities in Contrib Modules!
On January 25th, the Drupal Security team posted a list of security advisories for contributed module projects, all classified as Critical but Unsupported vulnerabilities.
- Prevent Anonymous Users to Access Drupal Pages: SA-CONTRIB-2022-005
- Taxonomy Access Control Lite: SA-CONTRIB-2022-006
- Colorbox: SA-CONTRIB-2022-007
- Admin Toolbar Search: SA-CONTRIB-2022-008
- Expire reset password link: SA-CONTRIB-2022-009
- Rate: SA-CONTRIB-2022-010
- Swiftype integration: SA-CONTRIB-2022-012
- Business Responsive Theme: SA-CONTRIB-2022-013
- Exif: SA-CONTRIB-2022-015
- Vocabulary Permissions Per Role: SA-CONTRIB-2022-016
- Media Entity Flickr: SA-CONTRIB-2022-017
- Cog: SA-CONTRIB-2022-018
- Vendor Stream Wrapper: SA-CONTRIB-2022-019
- Remote Stream Wrapper: SA-CONTRIB-2022-020
- Image Media Export Import: SA-CONTRIB-2022-021
- Printer, email and PDF versions: SA-CONTRIB-2022-022
All of these share the same security risk classification, namely “Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All”.
The security team is marking these projects unsupported. There are known security issues with these projects that have not been fixed by the maintainer. If you would like to maintain any of these projects, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported
Solution:
If you use any of these projects, you should uninstall it, as per the security team's recommendation. To take over maintainership, please read https://www.drupal.org/node/251466#procedure---own-project---unsupported in full.