DRUPAL-CONTRIB-2021-037

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/domain_group/DRUPAL-CONTRIB-2021-037.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2021-037
Published
2021-09-22T17:17:05Z
Modified
2025-12-10T23:33:52.373772Z
Summary
[none]
Details

This module enables sites to define a domain from Domain Access that points directly to a group page.

The module doesn't sufficiently manage the access to content administrative paths allowing an attacker to see and take actions on content (nodes) they should be allowed to.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/domain_group

Package

Name
drupal/domain_group
Purl
pkg:composer/drupal/domain_group

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.0
Database specific
{
    "constraint": "<1.4.0"
}
Type
ECOSYSTEM
Events
Introduced
2.0.0
Last affected
2.0.0
Database specific
{
    "constraint": "2.0.0"
}

Database specific

affected_versions
"<1.4.0 || 2.0.0"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/domain_group/DRUPAL-CONTRIB-2021-037.json"