Description

The Fast Permissions Administration module enables you to use inline filters on the permissions page, as well as loading the permissions form through a modal dialog.

The module doesn't sufficiently check user access for the modal content callback, allowing unauthorized access to the permissions edit form.

CVE identifier(s) issued

  • CVE-2013-2247

Versions affected

  • Fast Permissions Administration 6.x-2.x versions prior to 6.x-2.5.
  • Fast Permissions Administration 7.x-2.x versions prior to 7.x-2.3.

Drupal core is not affected. If you do not use the contributed Fast Permissions Administration module, there is nothing you need to do.

Solution

Install the latest version:

Also see the Fast Permissions Administration project page.

Reported by

Fixed by

Coordinated by

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.