Drupal Association members fund grants that make connections all over the world.
- Advisory ID: DRUPAL-SA-CONTRIB-2009-060
- Project: Meta tags / Nodewords (third-party module)
- Version: 6.x
- Date: 2009-September-23
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Access bypass
The Meta tags (also known as Nodewords) module provides meta tags based on node titles. In certain conditions, the node meta tags were not respecting access permissions, potentially exposing content not available otherwise.
- Meta tags for Drupal 6.x before Meta tags 6.x-1.1
Drupal core is not affected. If you do not use the contributed Meta tags module, there is nothing you need to do.
Install the latest version:
- If you use Drupal 6.x upgrade to Meta tags 6.x-1.1.
Also see the Meta tags project page.
Alberto Paderno, the module co-maintainer
The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.