Permissions by Term - Moderately critical - Access bypass - SA-CONTRIB-2019-068

Project: Permissions by Term
Version: 8.x-1.x-dev
Date: 2019-September-25
Security risk: Moderately critical 14∕25
Vulnerability: Access bypass

Description

This module enables you to control access to content based on taxonomy terms. The module doesn't sufficiently check if a given entity should be access controlled, defaulting to allowing access even to unpublished nodes.

The vulnerability is mitigated by the fact that the submodule Permissions by Entity must also be enabled.

Solution

Install the latest version:

If you use the Permissions by Term module for Drupal 8.x, upgrade to Permissions by Term 8.x-2.11
Also see the Permissions by Term project page.

https://www.drupal.org/sa-contrib-2019-068

Nick Onom
Marketing Project Manager

Enthusiastic about all kinds of Open Source applications, AI, bitcoins, but mostly Drupal and Backdrop. For last years has been actively developing AltaGrade's new back-end system.

Drupal · Security

Permissions by Term - Moderately critical - Access bypass - SA-CONTRIB-2019-068

Description

Solution

We value your opinion. Please add your feedback.