Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Project:
Date:
2021-June-30
Vulnerability:
Access bypass
Affected versions:
<1.12.0
Description:
The Apigee Edge module allows connecting a Drupal site to Apigee Edge in order to build a developer portal.
The module did not properly validate user access for data creation in certain circumstances.
Solution:
This issue was fixed in Apigee Edge module version 8.x-1.2 and newer. However, since versions before 8.x-1.12 contain the issue described in SA-CONTRIB-2020-028, users of the Apigee Edge module for Drupal 8.x should upgrade to version 8.x-1.12 or newer.
Reported By:
Fixed By:
Coordinated By:
- Greg Knaddison of the Drupal Security Team
- Damien McKenna of the Drupal Security Team
