Vulnerability Management

Drupal addresses Twitter module vulnerabilities

Share

Content management system publisher Drupal has issued fixes for what is has described as a moderately critical issue regarding its Twitter Post module that allows unauthorized users to change Twitter account settings or even delete an account.

The company said that the Twitter module used in Drupal versions 6.x and 7.x do not properly check for access thus allowing a tweet to be posted not only by the Drupal user, but by any authenticated Twitter account owner. In addition to being able to tweet, the vulnerability allows “any user to change the options for any other account, including deleting the attached Twitter account.”

Drupal has issued a solution requesting Twitter module users update to the latest Twitter module for Drupal.

A CVE identifier has been requested, but not yet issued for the problem.


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.