View online: https://www.drupal.org/sa-contrib-2021-020

Project: Apigee Edge [1] Date: 2021-June-30 Security risk: *Moderately critical* 11∕25 AC:Basic/A:User/CI:None/II:Some/E:Theoretical/TD:All [2] Vulnerability: Access bypass

Description:  The Apigee Edge module allows connecting a Drupal site to Apigee Edge in order to build a developer portal.

The module did not properly validate user access for data creation in certain circumstances.

Solution:  Install the latest version:

* If you use the apigee_edge module for Drupal 8.x, upgrade to Apigee Edge module 8.x-1.2 or later. Note that the 8.x-1.2 release is old and superseded due to SA-CONTRIB-2020-028 . Users of the module should upgrade to a version including or newer than 8.x-1.12.

Reported By:  * trebde [3]

Fixed By:  * trebde [4] * gitesh.koli [5]

Coordinated By:  * Greg Knaddison [6] of the Drupal Security Team * Damien McKenna [7] of the Drupal Security Team

[1] https://www.drupal.org/project/apigee_edge [2] https://www.drupal.org/security-team/risk-levels [3] https://www.drupal.org/user/3629605 [4] https://www.drupal.org/user/3629605 [5] https://www.drupal.org/user/673858 [6] https://www.drupal.org/user/36762 [7] https://www.drupal.org/user/108450