Vulnerability from drupal
Published
2020-05-06 16:59
Modified
2023-08-11 17:54
Summary
Details

This webform module enables you to build 'Term select' and 'Term checkboxes' elements.

The module doesn't sufficiently check term 'view' access when rendering the 'Term select' and 'Term checkboxes' elements. Unpublished terms will always appear in the 'Term select' and 'Term checkboxes' elements.

Credits
James Gilliland www.drupal.org/user/48673
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "affected_versions": "\u003c5.11.0"
      },
      "package": {
        "ecosystem": "Packagist:https://packages.drupal.org/8",
        "name": "drupal/webform"
      },
      "ranges": [
        {
          "database_specific": {
            "constraint": "\u003c5.11.0"
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.11.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "severity": []
    }
  ],
  "aliases": [],
  "credits": [
    {
      "contact": [
        "https://www.drupal.org/user/48673"
      ],
      "name": "James Gilliland"
    }
  ],
  "details": "This webform module enables you to build \u0027Term select\u0027 and \u0027Term checkboxes\u0027 elements.\n\nThe module doesn\u0027t sufficiently check term \u0027view\u0027 access when rendering the \u0027Term select\u0027 and \u0027Term checkboxes\u0027 elements. Unpublished terms will always appear in the \u0027Term select\u0027 and \u0027Term checkboxes\u0027 elements.",
  "id": "DRUPAL-CONTRIB-2020-016",
  "modified": "2023-08-11T17:54:28.000Z",
  "published": "2020-05-06T16:59:39.000Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.drupal.org/sa-contrib-2020-016"
    }
  ],
  "schema_version": "1.7.0"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.