Acquia DAM – Moderately critical – Access bypass, Denial of Service – SA-CONTRIB-2024-025

Drupal Security Advisory

Project: 
Date: 
2024-June-05
Vulnerability: 
Access bypass, Denial of Service
Affected versions: 
<1.0.13 || >=1.1.0 <1.1.0-beta3
Description: 

Acquia DAM provides a connection to a third-party asset management system, allowing for images to be managed, linked to, and viewed from Drupal. In order for assets to be managed in Drupal, a site administrator must first authenticate the site to their DAM instance.

The module doesn’t sufficiently protect the ability to disconnect a site from DAM. While disconnected sites do not lose asset data in Drupal, it will prevent site editors from accessing the DAM until a site administrator re-authenticates the site. Some uncached media images may also fail to be fetched while disconnected.

Solution: 

Install the latest version:

  • If you use the acquia_dam module for Drupal 9.4 or above, upgrade to Acquia DAM 1.0.13.
  • If you use a pre-release version of acquia_dam 1.1, upgrade to Acquia DAM 1.1.0-beta3. (Note: beta releases generally do not receive security coverage.)
Reported By: 
Fixed By: 
Coordinated By: 

READ MORE