Date:
Wednesday, Jun 28th, 2017
Advisory ID:
BACKDROP-SA-CONTRIB-2017-006
Security risk:
Moderately Critical
Vulnerability:
Information Disclosure
Versions affected:
- Project: SMTP Authentication Support (third-party module) versions prior to 1.3.3
Backdrop core is not affected. If you do not use the contributed SMTP Authentication Support module, there is nothing you need to do.
Description:
This SMTP module enables you to send mail using a third party (non-system) mail service instead of the local system mailer included with Backdrop. When this module is in debugging mode, it will log privileged information.
Solution:
- If you use the smtp module for Backdrop CMS 1.x, upgrade to smtp 1.x-1.3.3
Reported By:
- Baysaa of the Drupal Security Team
- Geoff St Pierre of the Backdrop Security Team
Fixed By:
- Fabiano Sant'Ana the Drupal module maintainer
- José San Martin the Drupal module maintainer
- David Snopek of the Drupal Security Team
- Cash Williams of the Drupal Security Team
- Michael Hess of the Drupal Security Team
- Jen Lampton the Backdrop module maintainer
Coordinated By:
- Michael Hess of the Drupal Security Team
- Geoff St Pierre of the Backdrop Security Team