GHSA-86xw-vmcx-9mj4

Source

https://github.com/advisories/GHSA-86xw-vmcx-9mj4

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-86xw-vmcx-9mj4/GHSA-86xw-vmcx-9mj4.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-86xw-vmcx-9mj4

Published

2024-05-15T20:53:24Z

Modified

2024-11-29T05:32:36.143729Z

Summary

Drupal Content moderation Access bypass

Details

In some conditions, drupal content moderation fails to check a users access to use certain transitions, leading to an access bypass.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-15T20:53:24Z"
}

References

Affected packages

Packagist / drupal/drupal

Package

Name: drupal/drupal
Purl: pkg:composer/drupal/drupal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0.0

Fixed

8.5.8

Affected versions

8.*

8.0.0

8.0.1

8.0.2

8.0.3

8.0.4

8.0.5

8.0.6

8.1.0-beta1

8.1.0-beta2

8.1.0-rc1

8.1.0

8.1.1

8.1.2

8.1.3

8.1.4

8.1.5

8.1.6

8.1.7

8.1.8

8.1.9

8.1.10

8.2.0-beta1

8.2.0-beta2

8.2.0-beta3

8.2.0-rc1

8.2.0-rc2

8.2.0

8.2.1

8.2.2

8.2.3

8.2.4

8.2.5

8.2.6

8.2.7

8.2.8

8.3.0-alpha1

8.3.0-beta1

8.3.0-rc1

8.3.0-rc2

8.3.0

8.3.1

8.3.2

8.3.3

8.3.4

8.3.5

8.3.6

8.3.7

8.3.8

8.3.9

8.4.0-alpha1

8.4.0-beta1

8.4.0-rc1

8.4.0-rc2

8.4.0

8.4.1

8.4.2

8.4.3

8.4.4

8.4.5

8.4.6

8.4.7

8.4.8

8.5.0-alpha1

8.5.0-beta1

8.5.0-rc1

8.5.0

8.5.1

8.5.2

8.5.3

8.5.4

8.5.5

8.5.6

8.5.7

Packagist / drupal/drupal

Package

Name: drupal/drupal
Purl: pkg:composer/drupal/drupal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.6.0

Fixed

8.6.2

Affected versions

8.*

8.6.0

8.6.1