Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Project:
Date:
2023-March-01
Vulnerability:
Access bypass
Affected versions:
>=2.0.0 <2.0.2
Description:
This module enables you to associate Forums as Group 1.x content and use Group access permissions.
Previous versions of the module incorrectly set node access on creation, and did not correctly restrict access to lists of forum topics.
Solution:
Install the latest version:
- If you use the Group control for forums module for Drupal 9.x or 10.x, upgrade to Group control for forums 2.0.2
Reported By:
Fixed By:
Coordinated By:
- Damien McKenna of the Drupal Security Team
- Greg Knaddison of the Drupal Security Team
