Custom Permissions - Critical - Access bypass - SA-CONTRIB-2019-055

Project: Custom PermissionsVersion: 8.x-1.x-devDate: 2019-July-10Security risk: Critical 16∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Access bypassDescription: This module enables you to add and manage additional custom permissions through the administration UI.
The module doesn't sufficiently check for the proper access permissions to this page.
This vulnerability is mitigated by the fact that an attacker must know the route of the Custom Permissions administration form though this is easily known.Solution: Install the latest version:

Also see the Custom Permissions project page.Reported By: 

Fixed By: 

Coordinated By: 

Path to article