Main Vulnerability Database SB2024022213

SB2024022213 - Improper access control in Node Access Rebuild Progressive module for Drupal

Published: February 22, 2024

Security Bulletin ID SB2024022213

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper access control (CVE-ID: N/A)

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the affected plugin does not sufficiently reset the state of content access when the module is uninstalled. A remote administrator can bypass implemented security restrictions and gain unauthorized access to sensitive information.

Remediation

Install update from vendor's website.

References

https://www.drupal.org/sa-contrib-2024-010