The Better Mega Menu - Moderately critical - Access bypass - SA-CONTRIB-2021-041

Project: The Better Mega MenuDate: 2021-September-22Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:DefaultVulnerability: Access bypassDescription: This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content.
This module has a vulnerability whereby users can select blocks as a menu item they don't have permission to view.
The vulnerability is mitigated by the fact that it can only be exploited by an attacker with the "Administer TB Mega Menu" permission.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article