Vulnerability which can be fixed publicly because it requires an advanced permission
Last updated on 29 February 2024
Steps to follow:
- Grant the module maintainer access to the issue so they will know what is going on.
- Post this as a comment on the issue (note that "NAME" in the bug report URL below needs to be replaced with the actual project name).
If the report was received via email, do the same things, but via email.
After review, this vulnerability can be fixed publicly as per https://www.drupal.org/security-advisory-policy because it requires the attacker to have an advanced permission that already makes the site compromised.
Please file a critical bug report against https://www.drupal.org/node/add/project-issue/NAME?tags=Security%20improvements in the public issue queue. I'm granting the module maintainers access to this issue for their awareness.
Thank you for reporting this issue to the Drupal security team.
Regards,
{your name} on behalf of the Drupal Security Team