Permissions by Term - Moderately critical - Access bypass - SA-CONTRIB-2022-056

Project: Permissions by TermVersion: 3.1.18Date: 2022-September-07Security risk: Moderately critical 14∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Access bypassDescription: This module enables you to set content permissions based on taxonomy terms.
The module doesn't sufficiently restrict access to translated and unpublished nodes.
This vulnerability is mitigated by the fact that it only affects sites with translated content.Solution: Install the latest version:

  • If you use the Permissions by Term module for Drupal 9.x, upgrade to version 3.1.19

Reported By: 

Fixed By: 

Coordinated By: 

Path to article