Private Taxonomy Terms - Moderately critical - Access bypass - SA-CONTRIB-2023-001

Project: Private Taxonomy TermsDate: 2023-January-11Security risk: Moderately critical 10∕25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Access bypassDescription: This module enables users to create 'private' vocabularies.
The module doesn't enforce permissions appropriately for the taxonomy overview page and overview form.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer own taxonomy" or "View private taxonomies" Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article