Private content - Moderately critical - Access bypass - SA-CONTRIB-2024-012

Project: Private contentDate: 2024-February-28Security risk: Moderately critical 12∕25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Access bypassAffected versions: <2.1.0Description: This module gives each node a 'private' checkbox. If it's set, the node can only be seen by the node author, or users with the 'access private content' permission.
The module incorrectly grants access to private nodes under certain specific circumstances. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Access private content".Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article