
<div dir="ltr"><br><div class="gmail_quote">View online: <a href="https://www.drupal.org/sa-contrib-2022-051" rel="noreferrer" target="_blank">https://www.drupal.org/sa-contrib-2022-051</a><br>

<br>

Project: Tagify [1]<br>

Version: 1.0.41.0.31.0.2-beta11.0.1-beta11.0.0-beta1<br>

Date: 2022-July-27<br>

Security risk: *Moderately critical* 11∕25<br>

AC:Complex/A:User/CI:None/II:Some/E:Exploit/TD:Uncommon [2]<br>

Vulnerability: Access bypass<br>

<br>

Description: <br>

This module provides a widget to transform entity reference fields into a<br>

more user-friendly tags input component with a great performance.<br>

<br>

The module doesn't sufficiently check access for the add operation. Users<br>

with permission to edit content can view and reference unpublished terms. The<br>

edit form may expose term data that users could not otherwise see, since<br>

there is no term view route by default.<br>

<br>

This vulnerability is slightly mitigated by the fact that an attacker must<br>

have a role with the permission "access content", so may not be accessible to<br>

anonymous users on all sites.<br>

<br>

Solution: <br>

Install the latest version:<br>

<br>

   * If you use the Tagify module for Drupal 9.x, upgrade to Tagify 1.0.5 [3]<br>

<br>

Reported By: <br>

   * Conrad Lara [4]<br>

<br>

Fixed By: <br>

   * David Galeano [5]<br>

   * Conrad Lara [6]<br>

<br>

Coordinated By: <br>

   * Damien McKenna [7] of the Drupal Security Team<br>

   * Greg Knaddison [8] of the Drupal Security Team<br>

<br>

<br>

[1] <a href="https://www.drupal.org/project/tagify" rel="noreferrer" target="_blank">https://www.drupal.org/project/tagify</a><br>

[2] <a href="https://www.drupal.org/security-team/risk-levels" rel="noreferrer" target="_blank">https://www.drupal.org/security-team/risk-levels</a><br>

[3] <a href="https://www.drupal.org/project/tagify/releases/1.0.5" rel="noreferrer" target="_blank">https://www.drupal.org/project/tagify/releases/1.0.5</a><br>

[4] <a href="https://www.drupal.org/user/1790054" rel="noreferrer" target="_blank">https://www.drupal.org/user/1790054</a><br>

[5] <a href="https://www.drupal.org/user/3591999" rel="noreferrer" target="_blank">https://www.drupal.org/user/3591999</a><br>

[6] <a href="https://www.drupal.org/user/1790054" rel="noreferrer" target="_blank">https://www.drupal.org/user/1790054</a><br>

[7] <a href="https://www.drupal.org/user/108450" rel="noreferrer" target="_blank">https://www.drupal.org/user/108450</a><br>

[8] <a href="https://www.drupal.org/user/36762" rel="noreferrer" target="_blank">https://www.drupal.org/user/36762</a><br>

<br>

_______________________________________________<br>

Security-news mailing list<br>

<a href="mailto:Security-news@drupal.org" target="_blank">Security-news@drupal.org</a><br>

Unsubscribe at <a href="https://lists.drupal.org/mailman/listinfo/security-news" rel="noreferrer" target="_blank">https://lists.drupal.org/mailman/listinfo/security-news</a></div><div class="gmail_quote"><br></div><div class="gmail_quote"><div><div dir="ltr" class="gmail_signature"><div dir="ltr"><div>===</div><div>Computer Security Incident Response Team - CSIRT</div><div>Universidade Estadual de Campinas - Unicamp</div><div>Centro de Computacao - CCUEC</div><div>GnuPG Public Key: <a href="http://www.security.unicamp.br/security.asc" target="_blank">http://www.security.unicamp.br/security.asc</a> [^]</div><div>Contato: +55 19 3521-2289 ou INOC-DBA: 1251*830</div></div></div></div>

</div></div>