{"id":1160,"date":"2018-02-22T16:13:05","date_gmt":"2018-02-22T21:13:05","guid":{"rendered":"https:\/\/cert.pa\/?p=1160"},"modified":"2018-02-22T16:13:36","modified_gmt":"2018-02-22T21:13:36","slug":"csirt-panama-aviso-2018-22-drupal-corrige-multiples-vulnerabilidades","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=1160","title":{"rendered":"CSIRT Panam\u00e1 Advisory 2018-22 \u2013 Drupal fixes multiple vulnerabilities."},"content":{"rendered":"<p>CSIRT Panam\u00e1 Advisory 2018-22 \u2013 Drupal fixes multiple vulnerabilities.<br \/>\nSeverity: Critical<br \/>\nPublication date: February 22, 2018<br \/>\nModification date: February 22, 2018<br \/>\nLatest revision: Revision A.<br \/>\nSource: www.drupal.org<\/p>\n<p>Affected Systems<br \/>\n\u2022 8.4.x<br \/>\n\u2022 7.x<\/p>\n<p>I. Description<br \/>\nThis security advisory fixes multiple vulnerabilities in both Drupal 7 and Drupal 8.<br \/>\nII. Impact<br \/>\nSecurity risk: Critical.<\/p>\n<p>\u2022 Comment reply form allows access to restricted content &#8211; Critical &#8211; Drupal 8<br \/>\n\u2022 JavaScript cross-site scripting prevention is incomplete &#8211; Critical &#8211; Drupal 7 and Drupal 8<br \/>\n\u2022 Private file access bypass &#8211; Moderately critical &#8211; Drupal 7<br \/>\n\u2022 jQuery vulnerability with untrusted domains &#8211; Moderately critical &#8211; Drupal 7<br \/>\n\u2022 Language fallback can be incorrect on multilingual sites with node access restrictions &#8211; Moderately critical &#8211; Drupal 8<br \/>\n\u2022 Settings Tray access bypass &#8211; Moderately critical &#8211; Drupal 8<br \/>\n\u2022 External link injection on 404 pages when linking to the current page &#8211; Less critical 
&#8211; Drupal 7<\/p>\n<p>For more information, visit: https:\/\/www.drupal.org\/sa-core-2018-001<\/p>\n<p>III. References to solutions, tools and information<br \/>\nUpdating your system is recommended:<br \/>\n\u2022 If you are using Drupal 8, upgrade to <a href=\"https:\/\/www.drupal.org\/project\/drupal\/releases\/8.4.5\">Drupal 8.4.5<\/a><br \/>\n\u2022 If you are using Drupal 7, upgrade to <a href=\"https:\/\/www.drupal.org\/project\/drupal\/releases\/7.57\">Drupal 7.57<\/a><\/p>\n<p>IV. Contact information<br \/>\nCSIRT PANAMA<br \/>\nAutoridad Nacional para la Innovaci\u00f3n Gubernamental<br \/>\nE-Mail: info@cert.pa<br \/>\nWeb: http:\/\/www.cert.pa<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CSIRT Panam\u00e1 Advisory 2018-22 \u2013 Drupal fixes multiple vulnerabilities. Severity: Critical Publication date: February 22, 2018 Modification date: February 22, 2018 Latest revision: Revision A. 
Source: www.drupal.org Affected Systems \u2022 8.4.x \u2022 7.x I&#8230;.<\/p>\n","protected":false},"author":4,"featured_media":941,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1160","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1160","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1160"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1160\/revisions"}],"predecessor-version":[{"id":1161,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1160\/revisions\/1161"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/941"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1160"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1160"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}