Permissions by Term - Moderately critical - Access bypass - SA-CONTRIB-2022-055

Project: Permissions by TermVersion: 3.1.173.1.163.1.153.1.143.1.133.1.123.1.113.1.103.1.93.1.83.1.73.1.63.1.53.1.43.1.33.1.23.1.13.1.03.0.13.0.0Date: 2022-September-07Security risk: Moderately critical 14∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Access bypassDescription: This module enables you to restrict content via taxonomy terms and related permissions.
The module doesn't sufficiently restrict cached content in certain circumstances.
This vulnerability is mitigated by the fact that it only occurs when multiple entity types are enabled in the module.Solution: Install the latest version:

  • If you use the Permissions by Term module for Drupal 9.x, upgrade to version 3.1.19

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2022-055