Linky Revision UI - Moderately critical - Access bypass - SA-CONTRIB-2021-021

Project:

Linky Revision UI

Date:

2021-June-30

Security risk:

Moderately critical 11∕25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:Uncommon

Vulnerability:

Access bypass

Affected versions:

<2.127.2

Description:

This module provides a revision UI for Linky entities.

The module doesn't sufficiently respect access restrictions to certain entities when used in conjunction with specific modules.

This vulnerability is mitigated by the fact that an attacker must have a role with any of the permissions provided by Linky Revision UI, and another affected module must be enabled.

Solution:

Install the latest version:

If you use the Linky Revision UI module for Drupal 8.x, upgrade to Linky Revision UI 2.127.2

Reported By:

Adam

Fixed By:

Coordinated By:

Greg Knaddison of the Drupal Security Team
Damien McKenna of the Drupal Security Team

Contact and more information

The Drupal security team can be reached by email at security at drupal.org or via the contact form.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter @drupalsecurity or Mastodon drupalsecurity@drupal.community.

Linky Revision UI - Moderately critical - Access bypass - SA-CONTRIB-2021-021

Contact and more information

Contributing organizations for this advisory

Thank you to these Drupal contributors

News items

Our community

Documentation

Drupal code base

Governance of community