Quick Node Clone - Moderately critical - Access bypass - SA-CONTRIB-2022-038

Project: Quick Node CloneDate: 2022-May-04Security risk: Moderately critical 10∕25 AC:Complex/A:Admin/CI:None/II:Some/E:Proof/TD:AllVulnerability: Access bypassDescription: The module adds a "Clone" tab to a node. When clicked, a new node is created and fields from the previous node are populated into the new fields. This module supports paragraphs, groups, and other referenced entities.
The module has a vulnerability which allows attackers to bypass the protection to clone any group content with an access check. Users are allowed to copy other group's nodes, and if they do that, the node gets added to groups they don't have access to.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2022-038