Profile - Moderately critical - Access Bypass - SA-CONTRIB-2020-004

Project: ProfileDate: 2020-February-19Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Access BypassDescription: The Profile module enables you to allow users to have configurable user profiles.
The module doesn't sufficiently check access when creating a user profile. Users with the "create profiles" permission could create profiles for any users.Solution: Install the latest version:

Also see the Profile project page.Reported By: 

Fixed By: 

Coordinated By: 

Path to article