Subgroup - Less critical - Access bypass - SA-CONTRIB-2021-003
Project: Subgroup Version: 1.0.x-dev Date: 2021-January-27 Security risk: Less critical 9∕25 Vulnerability:Access bypass
This module enables you to add groups to other groups in a tree structure where access can be inherited up or down the tree.
When you configure Subgroup to have a tree with at least three levels, users may inadvertently get permissions in a group that is an uncle or cousin of the source group, rather than a direct ancestor or descendant. Trees with only multiple nodes at the lowest tier (or nowhere) are unaffected.
Install the latest version, Subgroup 1.0.1, and clear your caches.