Improper access control in Private Taxonomy Terms - #VU71353

 


Published: January 19, 2023


Vulnerability identifier: #VU71353
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Private Taxonomy Terms
Software vendor: mvidelgauz

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because the affected plugin does not enforce permissions appropriately for the taxonomy overview page and overview form. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.


Remediation

Install updates from the vendor's website.
