Private content – Moderately critical – Access bypass – SA-CONTRIB-2024-012

Drupal Security Advisory

Project: 
Date: 
2024-February-28
Vulnerability: 
Access bypass
Affected versions: 
<2.1.0
Description: 

This module gives each node a ‘private’ checkbox. If it’s set, the node can only be seen by the node author, or users with the ‘access private content’ permission.

The module incorrectly grants access to private nodes under certain specific circumstances. This vulnerability is mitigated by the fact that an attacker must have a role with the permission “Access private content”.

Solution: 

Install the latest version:

Reported By: 
Fixed By: 
Coordinated By: 

READ MORE