Views Bulk Operations (VBO) - Moderately critical - Access bypass - SA-CONTRIB-2020-003

Project: Views Bulk Operations (VBO)Date: 2020-February-05Security risk: Moderately critical 12∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Access bypassDescription: Views Bulk Operations provides enhancements to running bulk actions on views.
The module contains an access bypass vulnerability that might allow users to execute views actions that they should not have access to.
This vulnerability is mitigated by the fact that it only occurs in the case of customised action access (by means of hook_action_info_alter).Solution: Install the latest version:

Also see the Views Bulk Operations (VBO) project page.Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2020-003