Workbench Moderation - Moderately critical - Access bypass - SA-CONTRIB-2018-067

Project: Workbench Moderation
Date: 2018-October-17
Security risk: *Moderately critical* 11∕25
Vulnerability: Access bypass

Description

The Workbench Moderation module adds arbitrary moderation states to Drupal
core's "unpublished" and "published" node states, and affects the behavior of
node revisions when nodes are published.

In some conditions, content moderation fails to check a users access to use
certain transitions, leading to an access bypass.

This issue is related to the Drupal Core release SA-CORE-2018-006.

Solution

Install the latest version:

* If you use the Workbench Moderation module for Drupal 8.x, upgrade to
Workbench Moderation 8.x-1.4

Add new comment