Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By dww on
- Advisory ID: DRUPAL-SA-2008-025
- Project: Simple access (third-party module)
- Version: 5.x-1.*
- Date: 2008-April-09
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass
Description
The Simple Access module is a node access module that allows administrators to make some nodes private and/or editable by certain user roles.
The module contains a flaw that results in the privacy information for a node being lost under certain conditions. These conditions are usually triggered via the interaction with other modules, such as Node clone or Project issue tracking.
Versions affected
- Simple access for Drupal 5.x up to and including version 5.x-1.2-2
Drupal core is not affected. If you do not use the contributed Simple access module, there is nothing you need to do.
Solution
Install the latest version:
Simple access 5.x-1.3
See also the Simple access project page.
Reported by
Derek Wright of the Drupal Security Team.
Contact
The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.
