feat: regenerate advisories

Author: G-Rath

advisories/access_code/DRUPAL-CONTRIB-2025-028.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.7.0",
+  "id": "DRUPAL-CONTRIB-2025-028",
+  "modified": "2025-04-02T17:02:32.000Z",
+  "published": "2025-04-02T17:02:32.000Z",
+  "aliases": [
+    "CVE-2025-3129"
+  ],
+  "details": "This module enables users to log in using a short access code instead of providing a username/password combination.\n\nThe module doesn't sufficiently protect against brute force attacks to guess a user's access code.\n\nThis vulnerability is mitigated by the fact that access code based logins are off by default and only enabled for accounts that enable it. Sites could mitigate the issue without updating by:\n\n1. disabling the access code login method for critical accounts\n2. monitor and prevent brute force attacks in other ways (for example, with a Web Application Firewall)",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Drupal",
+        "name": "drupal/access_code"
+      },
+      "severity": [],
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.0.4"
+            }
+          ],
+          "database_specific": {
+            "constraint": "<2.0.4"
+          }
+        }
+      ],
+      "database_specific": {
+        "affected_versions": "<2.0.4"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://www.drupal.org/sa-contrib-2025-028"
+    }
+  ],
+  "credits": [
+    {
+      "name": "Marcin Maruszewski (marcin maruszewski)",
+      "contact": [
+        "https://www.drupal.org/u/marcin-maruszewski"
+      ]
+    }
+  ]
+}

advisories/access_code/DSA-CONTRIB-2025-028.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.7.0",
+  "id": "DRUPAL-CONTRIB-2023-034",
+  "modified": "2023-08-23T18:45:47.000Z",
+  "published": "2023-08-23T14:51:16.000Z",
+  "aliases": [],
+  "details": "The ACL module, short for Access Control Lists, is an API for other modules to create lists of users and give them access to nodes.\n\nThe module processes user input in a way that could be unsafe. This can lead to Remote Code Execution via Object Injection.\n\nAs this is an API module, it is only exploitable if a \"client\" module exposes the vulnerability. Details of some contributed client modules are given below. Custom modules using ACL could also expose the vulnerability.\n\nThis vulnerability is mitigated by the fact that an attacker typically needs an \"admin\"-type permission provided by one of ACL's client modules.\n\nKnown client modules include:\n\n* Forum Access\n* Flexi Access\n* Content Access\n\nCoordinated Security Advisories are being released for those client modules that have Security coverage.",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Drupal",
+        "name": "drupal/acl"
+      },
+      "severity": [],
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.0.0"
+            }
+          ],
+          "database_specific": {
+            "constraint": "<1.0.0"
+          }
+        }
+      ],
+      "database_specific": {
+        "affected_versions": "<1.0.0"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://www.drupal.org/sa-contrib-2023-034"
+    }
+  ],
+  "credits": [
+    {
+      "name": "Drew Webber",
+      "contact": [
+        "https://www.drupal.org/user/255969"
+      ]
+    },
+    {
+      "name": "Samuel Mortenson",
+      "contact": [
+        "https://www.drupal.org/user/2582268"
+      ]
+    }
+  ]
+}

advisories/acl/DRUPAL-CONTRIB-2023-034.json

@@ -0,0 +1,50 @@
+{
+  "schema_version": "1.7.0",
+  "id": "DRUPAL-CONTRIB-2019-014",
+  "modified": "2023-08-11T19:23:01.000Z",
+  "published": "2019-02-06T18:13:19.000Z",
+  "aliases": [],
+  "details": "Acquia Connector facilitates sending certain telemetry data to Acquia for the purposes of analysis. The module automates the collection of site information to speed support communication and issue resolution. It is required for use with the Acquia Insight service.\n\nThe module does not properly enforce access control in a specific case, which can lead to disclosing information.\n\nThe vulnerability is mitigated by requiring the module diff feature to be enabled. This feature is enabled by default.",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Drupal",
+        "name": "drupal/acquia_connector"
+      },
+      "severity": [],
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.16.0"
+            }
+          ],
+          "database_specific": {
+            "constraint": "<1.16.0"
+          }
+        }
+      ],
+      "database_specific": {
+        "affected_versions": "<1.16.0"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://www.drupal.org/sa-contrib-2019-014"
+    }
+  ],
+  "credits": [
+    {
+      "name": "Samuel Mortenson",
+      "contact": [
+        "https://www.drupal.org/user/2582268"
+      ]
+    }
+  ]
+}

advisories/acl/DSA-CONTRIB-2023-034.json

@@ -0,0 +1,67 @@
+{
+  "schema_version": "1.7.0",
+  "id": "DRUPAL-CONTRIB-2024-025",
+  "modified": "2025-02-20T19:13:15.000Z",
+  "published": "2024-06-05T16:45:02.000Z",
+  "aliases": [
+    "CVE-2024-13261"
+  ],
+  "details": "Acquia DAM provides a connection to a third-party asset management system, allowing for images to be managed, linked to, and viewed from Drupal. In order for assets to be managed in Drupal, a site administrator must first authenticate the site to their DAM instance.\n\nThe module doesn't sufficiently protect the ability to disconnect a site from DAM. While disconnected sites do not lose asset data in Drupal, it will prevent site editors from accessing the DAM until a site administrator re-authenticates the site. Some uncached media images may also fail to be fetched while disconnected.",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Drupal",
+        "name": "drupal/acquia_dam"
+      },
+      "severity": [],
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.0.13"
+            }
+          ],
+          "database_specific": {
+            "constraint": "<1.0.13"
+          }
+        },
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.1.0-beta1"
+            },
+            {
+              "fixed": "1.1.0-beta3"
+            }
+          ],
+          "database_specific": {
+            "constraint": ">=1.1.0-beta1 <1.1.0-beta3"
+          }
+        }
+      ],
+      "database_specific": {
+        "affected_versions": "<1.0.13 || >=1.1.0-beta1 <1.1.0-beta3",
+        "patched": true
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://www.drupal.org/sa-contrib-2024-025"
+    }
+  ],
+  "credits": [
+    {
+      "name": "Matt Glaman",
+      "contact": [
+        "https://www.drupal.org/user/2416470"
+      ]
+    }
+  ]
+}