Private Taxonomy Terms - Critical - Access bypass, Information Disclosure, Multiple vulnerabilities - SA-CONTRIB-2022-014
Project: Private Taxonomy Terms
Date: 2022-January-26
Security risk: Critical 15∕25
Vulnerability: Access bypass, Information Disclosure, Multiple vulnerabilities
Description
This module enables users to create 'private' vocabularies.
The module doesn't sufficiently check user access permissions when attempting to view, edit, or add terms to vocabularies, including vocabularies not managed by the module.