Drupal Content moderation Access bypass · GHSA-86xw-vmcx-9mj4 · GitHub Advisory Database · GitHub

Drupal Content moderation Access bypass

Moderate severity GitHub Reviewed Published May 15, 2024 to the GitHub Advisory Database • Updated May 15, 2024

Package

drupal/drupal (Composer)

Affected versions

>= 8.0.0, < 8.5.8

>= 8.6.0, < 8.6.2

Patched versions

8.5.8

8.6.2

Description

In some conditions, drupal content moderation fails to check a users access to use certain transitions, leading to an access bypass.

References

Published to the GitHub Advisory Database May 15, 2024

Reviewed May 15, 2024

Last updated May 15, 2024