Skip to content

Commit 01efb9b

Browse files
feat: update advisories (#127)
🤖 beep boop - looks like there's some changes to the advisories! Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
1 parent 72da181 commit 01efb9b

3 files changed

Lines changed: 66 additions & 2 deletions

File tree

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
{
2+
"schema_version": "1.7.0",
3+
"id": "DSA-CONTRIB-2025-105",
4+
"modified": "2025-09-03T16:15:48.000Z",
5+
"published": "2025-09-03T16:15:48.000Z",
6+
"aliases": [
7+
"CVE-2025-9954"
8+
],
9+
"details": "This module enables you to connect a Drupal site to the Acquia DAM service, which syncs media from the third party service to the site.\n\nThe module doesn't sufficiently validate authorization to a list of DAM assets currently synced to the website creating an access bypass vulnerability.\n\nThis vulnerability is mitigated by the fact that it only impacts sites where users having the \u201cview media\u201d permission accessing any DAM asset is undesirable.\n\n**CVSS risk score ([experimental](https://www.drupal.org/project/securitydrupalorg/issues/3442181)) 6.9 / Medium**\n\n[CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)",
10+
"affected": [
11+
{
12+
"package": {
13+
"ecosystem": "Packagist",
14+
"name": "drupal/acquia_dam"
15+
},
16+
"severity": [],
17+
"ranges": [
18+
{
19+
"type": "ECOSYSTEM",
20+
"events": [
21+
{
22+
"introduced": "0"
23+
},
24+
{
25+
"fixed": "1.1.5"
26+
}
27+
],
28+
"database_specific": {
29+
"constraint": "<1.1.5"
30+
}
31+
}
32+
],
33+
"database_specific": {
34+
"affected_versions": "<1.1.5"
35+
}
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://www.drupal.org/sa-contrib-2025-105"
42+
}
43+
],
44+
"credits": [
45+
{
46+
"name": "Brandon Goodwin (bgoodie)",
47+
"contact": [
48+
"https://www.drupal.org/u/bgoodie"
49+
]
50+
},
51+
{
52+
"name": "Chris Burge (chris burge)",
53+
"contact": [
54+
"https://www.drupal.org/u/chris-burge"
55+
]
56+
},
57+
{
58+
"name": "Todd Woofenden (toddwoof)",
59+
"contact": [
60+
"https://www.drupal.org/u/toddwoof"
61+
]
62+
}
63+
]
64+
}

advisories/layout_builder_perms/DSA-CONTRIB-2025-097.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.7.0",
33
"id": "DSA-CONTRIB-2025-097",
4-
"modified": "2025-08-13T17:33:34.000Z",
4+
"modified": "2025-09-03T18:53:10.000Z",
55
"published": "2025-08-13T17:33:34.000Z",
66
"aliases": [
77
"CVE-2025-8996"

advisories/protected_pages/DSA-CONTRIB-2025-101.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.7.0",
33
"id": "DSA-CONTRIB-2025-101",
4-
"modified": "2025-08-27T17:19:59.000Z",
4+
"modified": "2025-09-03T18:55:46.000Z",
55
"published": "2025-08-27T17:19:59.000Z",
66
"aliases": [
77
"CVE-2025-9551"

0 commit comments

Comments
 (0)