View online: https://www.drupal.org/sa-contrib-2018-075 Project: GatherContent [1] Date: 2018-November-28 Security risk: *Moderately critical* 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All [2] Vulnerability: Access bypass Description:  This module enables you to import and export data from the GatherContent service. The module didn't properly protect its administrative paths. Solution:  * gathercontent 7.x versions prior to 7.x-3.5. Drupal core is not affected. If you do not use the contributed GatherContent [3] module, there is nothing you need to do. -------- SOLUTION ------------------------------------------------------------ Install the latest version: * If you use the gathercontent module for Drupal 7.x, upgrade to gathercontent 7.x-3.5 [4] Reported By:  * Francisco Rodriguez [5] Fixed By:  * Roland Kovacsics [6] Coordinated By:  * Michael Hess [7] of the Drupal Security Team * Greg Knaddison [8] of the Drupal Security Team [1] https://www.drupal.org/project/gathercontent [2] https://www.drupal.org/security-team/risk-levels [3] https://www.drupal.org/project/gathercontent [4] https://www.drupal.org/project/gathercontent/releases/7.x-3.5 [5] https://www.drupal.org/user/2744561 [6] https://www.drupal.org/user/3528385 [7] https://www.drupal.org/u/mlhess [8] https://www.drupal.org/u/greggles