DRUPAL-CONTRIB-2020-004

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/profile/DRUPAL-CONTRIB-2020-004.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2020-004

Published

2020-02-19T17:22:22Z

Modified

2025-12-10T23:30:27.694619Z

Summary

[none]

Details

The Profile module enables you to allow users to have configurable user profiles.

The module doesn't sufficiently check access when creating a user profile. Users with the "create profiles" permission could create profiles for any users.

References

https://www.drupal.org/sa-contrib-2020-004

Credits

- karl972
- - https://www.drupal.org/user/1541584

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/profile

Package

Name: drupal/profile
Purl: pkg:composer/drupal/profile

Affected ranges

Type

ECOSYSTEM

Events

Introduced

1.0.0

Last affected

1.0.0

Database specific

{
    "constraint": "1.0.0"
}

Database specific

affected_versions

"1.0.0"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/profile/DRUPAL-CONTRIB-2020-004.json"