Subgroup - Less critical - Access bypass - SA-CONTRIB-2021-003

Project: SubgroupVersion: 1.0.x-devDate: 2021-January-27Security risk: Less critical 9∕25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:UncommonVulnerability: Access bypassDescription: This module enables you to add groups to other groups in a tree structure where access can be inherited up or down the tree.
When you configure Subgroup to have a tree with at least three levels, users may inadvertently get permissions in a group that is an uncle or cousin of the source group, rather than a direct ancestor or descendant. Trees with only multiple nodes at the lowest tier (or nowhere) are unaffected.Solution: Install the latest version, Subgroup 1.0.1, and clear your caches.Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2021-003