Rabbit Hole - Moderately critical - Access bypass - SA-CONTRIB-2019-029

Project: Rabbit HoleVersion: 7.x-2.x-devDate: 2019-February-27Security risk: Moderately critical 14∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Access bypassDescription: The Rabbit Hole module allows administrators to control what should happen when a regular user tries to view an entity at its own page; for example, it may deliver a 403 Access Denied or 404 Page Not Found response, or redirect the user to another path.
The module doesn't respect the Rabbit Hole settings when an entity is being requested with a certain header. This could lead to certain data being exposed even if it shouldn't be. The vulnerability is mitigated by the fact that the user also needs permission to view the content being requested.Solution: Install version 7.x-2.25, available at https://www.drupal.org/project/rabbit_hole/releases/7.x-2.25.Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2019-029