Smart IP Ban - Critical - Access bypass - SA-CONTRIB-2024-041
Project: Smart IP Ban
Date: 2024-September-18
Security risk: Critical 18 ∕ 25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Access bypass
Description: The Smart IP Ban module enables a site to automatically ban an IP address based upon too many failed authentications.
The module doesn't sufficiently protect access to certain paths provided by the module allowing a malicious user to view and modify the settings.
Solution: Install the latest version:
- If you use the Smart IP Ban module for Drupal 7.x, upgrade to Smart IP Ban 7.x-1.1
Reported By:
Fixed By:
Coordinated By:
- Greg Knaddison of the Drupal Security Team
- Damien McKenna of the Drupal Security Team
- Juraj Nemec of the Drupal Security Team