Role Delegation module for Drupal privilege escalation
NAME
Role Delegation module for Drupal privilege escalation
- Platforms Affected: Parking Management System Parking Management System
- Risk Level: 8.8
- Exploitability: Unproven
- Consequences: Gain Privileges
DESCRIPTION
The Role Delegation module for Drupal could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an access bypass vulnerability when the module is used in combination with the Views Bulk Operations module. An attacker could exploit this vulnerability to assign the administrator role to their own user account.
CVSS 3.0 Information
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to SA-CONTRIB-2022-031 for patch, upgrade or suggested workaround information. See References.
- Reference Link: https://www.drupal.org/sa-contrib-2022-031