Node Access Rebuild Progressive - Less critical - Access bypass - SA-CONTRIB-2024-010

Project:

Date:

2024-February-21

Security risk:

Less critical 9 ∕ 25 AC:Complex/A:Admin/CI:Some/II:None/E:Theoretical/TD:All

Vulnerability:

Access bypass

Affected versions:

<2.0.2

CVE IDs:

CVE-2024-13246

Description:

This module provides an alternative mean of rebuilding the Content Access table.

The module doesn't sufficiently reset the state of content access when the module is uninstalled.

Solution:

Install the latest version:

If you use the node_access_rebuild_progressive module for Drupal 9.4+, upgrade to node_access_rebuild_progressive 2.0.2

Reported By:

Fixed By:

Coordinated By:

Contact and more information

The Drupal security team can be reached by email at security at drupal.org or via the contact form.

Follow the Drupal Security Team on Bluesky, or Mastodon or Linkedin.

The security team is made up of volunteers around the world. The companies above have sponsored time on this release.