DRUPAL-CONTRIB-2023-001

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/private_taxonomy/DRUPAL-CONTRIB-2023-001.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2023-001
Published
2023-01-11T17:15:37Z
Modified
2025-12-10T23:30:49.190778Z
Summary
[none]
Details

This module enables users to create 'private' vocabularies.

The module doesn't enforce permissions appropriately for the taxonomy overview page and overview form.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer own taxonomy" or "View private taxonomies".

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/private_taxonomy

Package

Name
drupal/private_taxonomy
Purl
pkg:composer/drupal/private_taxonomy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.6.0
Database specific
{
    "constraint": "<2.6.0"
}

Database specific

affected_versions
"<2.6.0"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/private_taxonomy/DRUPAL-CONTRIB-2023-001.json"