DRUPAL-CONTRIB-2019-014

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/acquia_connector/DRUPAL-CONTRIB-2019-014.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2019-014
Published
2019-02-06T18:13:19Z
Modified
2025-12-10T23:28:48.078892Z
Summary
[none]
Details

Acquia Connector facilitates sending certain telemetry data to Acquia for the purposes of analysis. The module automates the collection of site information to speed support communication and issue resolution. It is required for use with the Acquia Insight service.

The module does not properly enforce access control in a specific case, which can lead to disclosing information.

The vulnerability is mitigated by requiring the module diff feature to be enabled. This feature is enabled by default.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/acquia_connector

Package

Name
drupal/acquia_connector
Purl
pkg:composer/drupal/acquia_connector

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.16.0
Database specific 
{
    "constraint": "<1.16.0"
}

Database specific

affected_versions 
"<1.16.0"
source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/acquia_connector/DRUPAL-CONTRIB-2019-014.json"