Vigil@nce - Drupal Services: privilege escalation
February 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can use Drupal Services, in order to
escalate his privileges.
Impacted products: Drupal Modules
Severity: 2/4
Creation date: 06/02/2014
DESCRIPTION OF THE VULNERABILITY
The Services module can be installed on Drupal. It is impacted by
two vulnerabilities.
An authenticated attacker can assign himself additional roles, in
order to escalate his privileges. [severity:2/4]
An authenticated attacker can alter comments of other users.
[severity:2/4]
An authenticated attacker can therefore use Drupal Services, in
order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Drupal-Services-privilege-escalation-14179