Provision - Moderately critical - Access bypass - SA-CONTRIB-2019-002

Project: ProvisionVersion: 7.x-3.170Date: 2019-January-09Security risk: Moderately critical 12∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Access bypassDescription: Aegir is a Web hosting control panel program that provides a Drupal-based graphical interface designed to simplify deploying, managing and upgrading an entire network of Drupal, Wordpress and CiviCRM Web sites. The Provision module is a core piece of the Aegir platform.
This module doesn't sufficiently shield multi-site installations or the PHP source code.
This vulnerability is mitigated by the fact that the server must be using Apache. For multi-site installations, the server must host multiple sites on a common platform. Additionally an attacker must have a knowledge about used filenames and the server.
Solution: Install the latest version:

Also see the Provision project page.Reported By: 

Fixed By: 

Coordinated By: 

Path to article