cck_field_privacy 6.x-1.1
obsidiandesign - March 21, 2009 - 22:12
| Download | Size | md5 hash |
|---|---|---|
| cck_field_privacy-6.x-1.1.tar.gz | 12.96 KB | 7f9c85990c6ff2f5e9f3bcf614a9fb75 |
Official release from CVS tag: DRUPAL-6--1-1
Last updated: March 21, 2009 - 22:15
Security update for DRUPAL-SA-CONTRIB-2009-014
#409626: Anonymous users can navigate to admin/content/cck_field_privacy page by merchadmin - CCK Field Privacy was incorrectly updated for the Drupal 6.x menu system in such a way that the intended access controls for the administrative pages are by-passed for unprivileged users. This may allow users to change permissions on fields and lead to exposure of private content.