Date: 
2017-November-08
Vulnerability: 
Access bypass
Affected versions: 
<1.1.0
Description: 

Custom Permissions is a lightweight module that allows permissions to be created and managed through an administrative form.

When this module is in use, any user who is able to perform an action which rebuilds some of Drupal's caches can trigger a scenario in which certain pages protected by this module's custom permissions temporarily lose those custom access controls, thereby leading to an access bypass vulnerability.

Solution: 

Install the latest version:

Reported By: 
Fixed By: 
Coordinated By: