Private Taxonomy Terms - Moderately critical - Access bypass - SA-CONTRIB-2023-001
Project: Private Taxonomy Terms Date: 2023-January-11 Security risk: Moderately critical 10∕25 Vulnerability: Access bypass
This module enables users to create 'private' vocabularies.
The module doesn't enforce permissions appropriately for the taxonomy overview page and overview form.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer own taxonomy" or "View private taxonomies"
Install the latest version:
- If you use the Private Taxonomy Terms module for Drupal 8.x, upgrade to Private Taxonomy Terms 8.x-2.6