Subgroup - Less critical - Access bypass - SA-CONTRIB-2021-003

Project: Subgroup
Version: 1.0.x-dev
Date: 2021-January-27
Security risk: Less critical 9∕25 
Vulnerability: Access bypass

Description

This module enables you to add groups to other groups in a tree structure where access can be inherited up or down the tree.

When you configure Subgroup to have a tree with at least three levels, users may inadvertently get permissions in a group that is an uncle or cousin of the source group, rather than a direct ancestor or descendant. Trees that have multiple nodes only at the lowest tier (or at no tier at all) are unaffected.

Solution

Install the latest version, Subgroup 1.0.1, and clear your caches.
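
To check whether a site matches the condition described above, the following added example (not part of the advisory and not Subgroup's own code) tests a group tree for the affected shape and flags inherited access between groups that are not in a direct ancestor/descendant line. It assumes you can export the tree as a child-to-parent map and the inherited access as (source group, target group) pairs; all names and sample data are hypothetical.

```python
from collections import Counter

# Constructed sample tree: child group -> parent group (None marks the root).
PARENT = {
    "org": None,
    "dept_a": "org", "dept_b": "org",
    "team_a1": "dept_a", "team_a2": "dept_a", "team_b1": "dept_b",
}

# Constructed sample export: (source group, group where access was inherited).
INHERITED = [
    ("team_a1", "dept_a"),   # parent: expected
    ("team_a1", "org"),      # grandparent: expected
    ("org", "team_b1"),      # descendant: expected
    ("team_a1", "dept_b"),   # uncle: should never inherit
    ("team_a1", "team_b1"),  # cousin: should never inherit
]

def ancestors(group, parent):
    """Return the ancestors of `group`, nearest first; reject cyclic data."""
    chain, seen = [], {group}
    node = parent[group]
    while node is not None:
        if node in seen:
            raise ValueError(f"cycle in group tree at {node!r}")
        seen.add(node)
        chain.append(node)
        node = parent[node]
    return chain

def is_lineal(a, b, parent):
    """True if a and b are the same group or one is an ancestor of the other."""
    return a == b or b in ancestors(a, parent) or a in ancestors(b, parent)

def shape_at_risk(parent):
    """Advisory's condition: three or more levels, and more than one
    group on some tier above the lowest one."""
    depth = {g: len(ancestors(g, parent)) for g in parent}
    lowest = max(depth.values())
    per_tier = Counter(depth.values())
    return lowest >= 2 and any(n > 1 for d, n in per_tier.items() if d < lowest)

def non_lineal_grants(grants, parent):
    """Inherited grants whose two groups are not in a direct line."""
    return [(s, t) for s, t in grants if not is_lineal(s, t, parent)]

if __name__ == "__main__":
    print("tree shape at risk:", shape_at_risk(PARENT))
    for src, dst in non_lineal_grants(INHERITED, PARENT):
        print(f"unexpected inheritance: {src} -> {dst}")
```

The lineal check also flags sibling groups, since they are neither ancestors nor descendants of each other.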

Nick Onom