Profile - Moderately critical - Access Bypass - SA-CONTRIB-2020-004

Project: Profile
Date: 2020-February-19
Security risk: Moderately critical 14∕25
Vulnerability: Access Bypass

Description

The Profile module lets users have configurable user profiles.

The module doesn't sufficiently check access when creating a user profile. Users with the "create profiles" permission could create profiles for any user.

Solution

Install the latest version:

If you use the Profile module for Drupal 8.x, upgrade to Profile 8.x-1.1
Also see the Profile project page.
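
To confirm whether a Composer-managed site still needs this upgrade, the following added example (not part of the advisory or the Profile project) reads a composer.lock and reports the locked Profile version against the fixed release. It assumes the module is installed as the Composer package drupal/profile, where 8.x-1.1 appears as 1.1.0, and treats anything lower as needing the upgrade named above; the lock contents are constructed sample data.

```python
import json
import re

PACKAGE = "drupal/profile"   # assumption: module installed via Composer
FIXED = (1, 1, 0, 1)         # 8.x-1.1 == 1.1.0; last field 1 = final release


def parse_version(version):
    """Return (major, minor, patch, is_final), or None for dev branches."""
    m = re.fullmatch(
        r"v?(\d+)\.(\d+)(?:\.(\d+))?(?:-([A-Za-z]+)\.?\d*)?", version)
    if not m:
        return None
    # A pre-release suffix (rc, beta, alpha) sorts below the final release.
    return (int(m[1]), int(m[2]), int(m[3] or 0), 0 if m[4] else 1)


def check_lock(lock_text):
    """Classify a composer.lock: 'ok', 'upgrade', 'unknown' or 'absent'."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == PACKAGE:
            parsed = parse_version(pkg.get("version", ""))
            if parsed is None:
                return "unknown"   # e.g. a -dev branch: verify by hand
            return "ok" if parsed >= FIXED else "upgrade"
    return "absent"


def lock_with(version):
    """Build a constructed composer.lock body with the given Profile version."""
    return json.dumps({
        "packages": [
            {"name": "drupal/core", "version": "8.8.2"},   # constructed
            {"name": PACKAGE, "version": version},
        ],
        "packages-dev": [],
    })


if __name__ == "__main__":
    for v in ("1.0.0-rc5", "1.0.0", "1.1.0", "1.x-dev"):
        print(v, "->", check_lock(lock_with(v)))
```

To check a real site, pass the contents of its composer.lock to check_lock(); an "unknown" result means the locked version is a development branch and has to be compared manually.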

Nick Onom
Marketing Project Manager
Enthusiastic about all kinds of Open Source applications, AI, bitcoins, but mostly Drupal and Backdrop. In recent years he has been actively developing AltaGrade's new back-end system.