Drupal AutoAssign Role Module Node Access Security Bypass Vulnerability
BID:40116
Info
Drupal AutoAssign Role Module Node Access Security Bypass Vulnerability
| Bugtraq ID: | 40116 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 12 2010 12:00AM |
| Updated: | May 12 2010 12:00AM |
| Credit: | mr.baileys |
| Vulnerable: |
Drupal AutoAssign Role 6.x-1.1 |
| Not Vulnerable: |
Drupal AutoAssign Role 6.x-1.2 |
Discussion
Drupal AutoAssign Role Module Node Access Security Bypass Vulnerability
The AutoAssign Role module for Drupal is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization.
Attackers can exploit this issue to bypass security restrictions to obtain sensitive information or perform unauthorized actions; this may aid in launching further attacks.
Versions prior to AutoAssign Role 6.x-1.2 are vulnerable.
The AutoAssign Role module for Drupal is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization.
Attackers can exploit this issue to bypass security restrictions to obtain sensitive information or perform unauthorized actions; this may aid in launching further attacks.
Versions prior to AutoAssign Role 6.x-1.2 are vulnerable.
Exploit / POC
Drupal AutoAssign Role Module Node Access Security Bypass Vulnerability
Attackers can exploit this issue through a browser.
Attackers can exploit this issue through a browser.
Solution / Fix
Drupal AutoAssign Role Module Node Access Security Bypass Vulnerability
Solution:
Updates are available; please see the references for more information.
Drupal AutoAssign Role 6.x-1.1
Solution:
Updates are available; please see the references for more information.
Drupal AutoAssign Role 6.x-1.1
-
Drupal autoassignrole-6.x-1.2.tar.gz
http://ftp.drupal.org/files/projects/autoassignrole-6.x-1.2.tar.gz
References
Drupal AutoAssign Role Module Node Access Security Bypass Vulnerability
References:
References: