Domain Group - Critical - Access bypass - SA-CONTRIB-2021-037

Domain Group - Critical - Access bypass - SA-CONTRIB-2021-037

Project: Domain Group
Date: 2021-September-22
Security risk: Critical 18∕25
Vulnerability: Access bypass

Description

This module enables sites to define a domain from Domain Access that points directly to a group page.

The module doesn't sufficiently manage the access to content administrative paths allowing an attacker to see and take actions on content (nodes) they should be allowed to.

Solution

Install the latest version:

If you use the domain_group module for Drupal 8.x, upgrade to domain_group 8.x-1.04
If you use the domain_group module for Drupal 9.x, upgrade to domain_group 2.0.1

We value your opinion. Please add your feedback.