Drupal Author Pane module security bypass weakness

A weakness has been reported in the Author Pane module for Drupal, which can be exploited by malicious people to bypass certain security restrictions, according to Secunia.

The weakness is caused due to the module improperly verifying the “view all user locations” access permissions when displaying user locations through the Location module, which can be exploited to disclose the location of arbitrary users.

Successful exploitation of this weakness requires that display of user locations is enabled within the module.

The weakness is reported in versions prior to 6.x-2.2.

Solution: Update to version 6.x-2.2.




Share this