Domain Group - Critical - Access bypass - SA-CONTRIB-2021-037
Project: Domain Group
Date: 2021-September-22
Security risk: Critical 18∕25
Vulnerability: Access bypassDescription
This module enables sites to define a domain from Domain Access that points directly to a group page.
The module doesn't sufficiently manage the access to content administrative paths allowing an attacker to see and take actions on content (nodes) they should be allowed to.
Solution
Install the latest version:
If you use the domain_group module for Drupal 8.x, upgrade to domain_group 8.x-1.04
If you use the domain_group module for Drupal 9.x, upgrade to domain_group 2.0.1
We value your opinion. Please add your feedback.