drupal7-path_breadcrumbs: access restriction bypass
| Package(s): | drupal7-path_breadcrumbs | CVE #(s): | |||||||||
| Created: | February 19, 2015 | Updated: | February 25, 2015 | ||||||||
| Description: | From the Drupal advisory:
The module doesn't check node access on 403 Not Found pages. As a result, unpublished content data can be shown to unprivileged user. This vulnerability is mitigated by the fact that it is possible to configure proper access control in Path Breadcrumbs items with “Selection Rules” from the UI. | ||||||||||
| Alerts: |
| ||||||||||