Project: Node View Permissions
Security risk: *Moderately critical* 14∕25
Vulnerability: Access Bypass
The Node view permissions module enables the "View own content" and "View any
content" permissions for each content type on the permissions page.
This module has a vulnerability that allows users with these permissions to
view unpublished content that they are not otherwise authorized to view.
Install the latest version:
* If you use the Node View Permissions module for Drupal 7.x, upgrade to
Node View Permissions 7.x-1.5 or higher.
* If you use the Node View Permissions module for Drupal 8.x, upgrade to
Node View Permissions 8.x-1.1 or higher.