govCMS / GovCMS7

Current stable release of the main Drupal 7 GovCMS distribution, with releases mirrored at https://www.drupal.org/project/govcms
https://www.govcms.gov.au/
GNU General Public License v2.0

[SA-CONTRIB-2019-014] Update Acquia Connector to 7.x-3.4 (from 7.x-3.2) #781

Closed suhyeonh closed 5 years ago

suhyeonh commented 5 years ago

https://www.drupal.org/sa-contrib-2019-014

Project: Acquia Connector
Date: 2019-February-06
Security risk: Moderately critical 12∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass
Description: Acquia Connector facilitates sending certain telemetry data to Acquia for the purposes of analysis. The module automates the collection of site information to speed support communication and issue resolution. It is required for use with the Acquia Insight service.

The module does not properly enforce access control in a specific case, which can lead to disclosing information.

The vulnerability is mitigated by requiring the module diff feature to be enabled. This feature is enabled by default.

https://www.drupal.org/project/acquia_connector/releases/7.x-3.4

Release notes: Fixes SA-CONTRIB-2019-014

https://www.drupal.org/project/acquia_connector/releases/7.x-3.3

Release notes: Changes since 7.x-3.2:

Updated acquia cloud links
Fix for a minor CSRF issue when refreshing subscription status
Fix for automatic site name setting when not acquia hosted

2934217 by TravisCarden: Added check for length of name

GOVCMSD7-66 Version changed from 3.2 to 3.4

pandaskii commented 5 years ago

Thanks