Alinks - Moderately Critical -Access bypass

* Advisory ID: DRUPAL-SA-CONTRIB-2017-058
* Project: Alinks (third-party module)
* Version: 8.x
* Date: 2017-August-02
* Security risk: 13/25 ( Moderately Critical)
* Vulnerability: Access bypass

DESCRIPTION

This module enables you to automatically link keywords to specific URLs.

This module has an insufficient access check on the delete route.

Alinks uses the wrong permission for an access check.

VERSIONS AFFECTED

* Alinks 8.x-1.x versions prior to 8.x-1.1.

Drupal core is not affected. If you do not use the contributed Alinks module, there is nothing you need to do.

SOLUTION

Install the latest version:

* If you use the Alinks module for Drupal 8.x, upgrade to Alinks 8.x-1.1

Also see the Alinks project page: https://www.drupal.org/project/alinks

Add new comment