Universally Unique IDentifier - Moderately critical - Access bypass - SA-CONTRIB-2019-052

Project: Universally Unique IDentifierDate: 2019-May-29Security risk: Moderately critical 14∕25 AC:Complex/A:User/CI:All/II:Some/E:Theoretical/TD:DefaultVulnerability: Access bypassDescription: This module provides an API for adding universally unique identifiers (UUID) to Drupal objects, most notably entities.
The module has a privilege escalation vulnerability when it's used in combination with Services+REST server.
This vulnerability is mitigated by the fact that an attacker must authenticate to the site, services module must be configured on the site and the user update resource enabled.Solution: Install the latest version:

  • If you use the Universally Unique IDentifier module for Drupal 7.x, upgrade to UUID 7.x-1.3

Also see the Universally Unique IDentifier project page.Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2019-052