BID:106643

Drupal GatherContent Module Access Bypass Vulnerability

Info

Drupal GatherContent Module Access Bypass Vulnerability

Bugtraq ID:	106643
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Nov 28 2018 12:00AM
Updated:	Nov 28 2018 12:00AM
Credit:	Francisco Rodriguez
Vulnerable:	Drupal GatherContent 7.x-3.4 Drupal GatherContent 7.x-3.3 Drupal GatherContent 7.x-3.2 Drupal GatherContent 7.x-3.1 Drupal GatherContent 7.x-3.0

Not Vulnerable:	Drupal GatherContent 7.x-3.5

Solution / Fix

Drupal GatherContent Module Access Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Drupal GatherContent Module Access Bypass Vulnerability

References:

Drupal Homepage (Drupal)
SA-CONTRIB-2018-075: GatherContent - Moderately critical - Access bypass (Drupal)