Content Entity Clone - Moderately critical - Information Disclosure - SA-CONTRIB-2024-035

Project: Content Entity CloneDate: 2024-September-04Security risk: Moderately critical 11∕25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Information DisclosureAffected versions: <1.0.4Description: This module enables you to "clone" a content entity, i.e. to create a new content pre-filled with data from another entity of the same type and bundle.
The module doesn't properly check the user access to the original entity, allowing users to create a new entity (they have permission to create) pre-filled with content from another entity of the same type and bundle that they would normally not have access to.
This vulnerability is mitigated by the fact that an attacker must have the permission to create content of the type of the entity to clone.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2024-035