DRUPAL-CONTRIB-2020-032

See a problem?

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/group/DRUPAL-CONTRIB-2020-032.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2020-032

Published

2020-08-05T15:47:56Z

Modified

2025-12-10T23:30:25.411664Z

Summary

[none]

Details

The Group module enables you to hand out permissions on a smaller subset, section or community of your website.

With the 1.1 security release, new code was introduced to ensure proper access for all entity types, but a mistake introduced unexpected access to unpublished nodes.

References

https://www.drupal.org/sa-contrib-2020-032

Credits

- Martijn Vermeulen
- - https://www.drupal.org/user/960720
- Sean Blommaert
- - https://www.drupal.org/user/545912

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/group

Package

Name: drupal/group
Purl: pkg:composer/drupal/group

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1.2.0

Database specific

{
    "constraint": "<1.2.0"
}

Database specific

affected_versions

"<1.2.0"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/group/DRUPAL-CONTRIB-2020-032.json"