Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Project:
Date:
2021-September-22
Vulnerability:
Access bypass
Affected versions:
<1.4.0 || 2.0.0
Description:
This module enables sites to define a domain from Domain Access that points directly to a group page.
The module doesn't sufficiently manage the access to content administrative paths allowing an attacker to see and take actions on content (nodes) they should be allowed to.
Solution:
Install the latest version:
- If you use the domain_group module for Drupal 8.x, upgrade to domain_group 8.x-1.04
- If you use the domain_group module for Drupal 9.x, upgrade to domain_group 2.0.1
Reported By:
Fixed By:
Coordinated By:
- Damien McKenna of the Drupal Security Team
