Webform - Moderately critical - Access bypass - SA-CONTRIB-2020-017

Project: WebformDate: 2020-May-06Security risk: Moderately critical 11∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:UncommonVulnerability: Access bypassDescription: This module enables you to build forms and surveys in Drupal.
The Webform Node sub-module allows these forms to be associated with a Drupal node. The Webform Node module does not implement access checking in the same manner as other nodes and entities. As such, writers of custom modules which implement webform_node, node, or entity access checks may not achieve the intended access results for Webform Node content.
There is no known exploit of this vulnerability and the vulnerability only exists on sites with custom code and a node access module in use.Solution: Install the latest version:

Also see the Webform project page.Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2020-017