Private Taxonomy Terms - Moderately critical - Access bypass - SA-CONTRIB-2023-001
Project: Private Taxonomy Terms
Date: 2023-January-11
Security risk: Moderately critical 10∕25
Vulnerability: Access bypassDescription
This module enables users to create 'private' vocabularies.
The module doesn't enforce permissions appropriately for the taxonomy overview page and overview form.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer own taxonomy" or "View private taxonomies"
Solution
Install the latest version:
- If you use the Private Taxonomy Terms module for Drupal 8.x, upgrade to Private Taxonomy Terms 8.x-2.6
We value your opinion. Please add your feedback.