Permissions by Term - Moderately critical - Access bypass - SA-CONTRIB-2019-068

Project: Permissions by TermVersion: 8.x-1.x-devDate: 2019-September-25Security risk: Moderately critical 14∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Access bypassDescription: This module enables you to control access to content based on taxonomy terms. The module doesn't sufficiently check if a given entity should be access controlled, defaulting to allowing access even to unpublished nodes.
The vulnerability is mitigated by the fact that the submodule Permissions by Entity must also be enabled.Solution: Install the latest version:

Also see the Permissions by Term project page.Reported By: 

Fixed By: 

Coordinated By: 

Path to article