Quick Node Clone - Moderately critical - Access bypass - SA-CONTRIB-2022-038
Project: Quick Node Clone
Date: 2022-May-04
Security risk: Moderately critical 10∕25 AC:Complex/A:Admin/CI:None/II:Some/E:Proof/TD:All
Vulnerability: Access bypass
Description: The module adds a "Clone" tab to a node. When clicked, a new node is created and fields from the previous node are populated into the new fields. This module supports paragraphs, groups, and other referenced entities.
The module has a vulnerability which allows attackers to bypass the protection to clone any group content with an access check. Users are allowed to copy other groups' nodes, and if they do that, the node gets added to groups they don't have access to.
Solution: Install the latest version:
- If you use the Quick Node Clone module for Drupal 8.x, upgrade to Quick Node Clone 8.x-1.15
Reported By:
Fixed By:
Coordinated By:
- Greg Knaddison of the Drupal Security Team
- Damien McKenna of the Drupal Security Team