• Advisory ID: DRUPAL-SA-CONTRIB-2009-060
  • Project: Meta tags / Nodewords (third-party module)
  • Version: 6.x
  • Date: 2009-September-23
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

Description

The Meta tags (also known as Nodewords) module provides meta tags based on node titles. In certain conditions, the node meta tags were not respecting access permissions, potentially exposing content not available otherwise.

Versions affected

  • Meta tags for Drupal 6.x before Meta tags 6.x-1.1

Drupal core is not affected. If you do not use the contributed Meta tags module, there is nothing you need to do.

Solution

Install the latest version:

Also see the Meta tags project page.

Reported by

Barry Jaspan and Ben Jeavons, both of the Drupal Security Team

Fixed by

Alberto Paderno, the module co-maintainer

Contact

The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.