The AltaGrade Blog

Booking and Availability Management Tools for Drupal - Moderately critical - Access Bypass - SA-CONTRIB-2019-074

Project: Booking and Availability Management Tools for Drupal
Date: 2019-October-16
Security risk: Moderately critical 11∕25
Vulnerability: Access Bypass


The Bat module provides a foundation through which a wide range of availability management, reservation and booking use cases can be addressed.

The routes used to view events don't sufficiently guard access for non-privileged users. Specifically, a user with the 'View own' permission for bat events can view others' events as well.

Read More

Maintenance on all Germany-based servers

Type: Maintenance work
Category: Advanced infrastructure
Start: October 16, 2019 3:00 AM CEST
End: October 16, 2019 3:05 AM CEST


In the above mentioned period maintenance on our European data-center will be performed. During this maintenance, the affected servers and the websites hosted accounts on them will not be available for about five minutes.

Affected clients

AltaGrade clients who have their projects hosted on Germany-based AltaGrade servers.

Read More