Improper access control in Diff - #VU97979
Published: October 3, 2024
Diff
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the affected module does not sufficiently check revision access before rendering a diff report for nodes or general entities that support diff. A remote user can bypass implemented security restrictions and gain unauthorized access to sensitive information.