Main Vulnerability Database SB2024022928

SB2024022928 - Improper access control in Node Access Rebuild Progressive module for Drupal

Published: February 29, 2024

Security Bulletin ID SB2024022928

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper access control (CVE-ID: N/A)

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the affected plugin does not sufficiently reset the state of content access when the module is uninstalled. A remote administrator can bypass implemented security restrictions and gain unauthorized access sensitive information.

Remediation

Install update from vendor's website.

References

https://www.drupal.org/sa-contrib-2024-013