[Security-news] Opigno Learning path - Moderately critical - Access bypass - SA-CONTRIB-2022-029
security-news at drupal.org
security-news at drupal.org
Wed Mar 9 18:59:42 UTC 2022
View online: https://www.drupal.org/sa-contrib-2022-029
Project: Opigno Learning path [1]
Date: 2022-March-09
Security risk: *Moderately critical* 13∕25
AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All [2]
Vulnerability: Access bypass
Description:
This module is used as part of the Opigno LMS distribution and implements
learning paths for the LMS.
The module was providing too much user information about users such as the
list of groups a uid is in.
Solution:
Install the latest version:
* If you use the opigno_learning_path module for Drupal 9.x, upgrade to
3.0.1 opigno_learning_path 3.0.1 [3]
Reported By:
* Aaron Bauman [4]
Fixed By:
* Aaron Bauman [5]
* James Aparicio [6]
[1] https://www.drupal.org/project/opigno_learning_path
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/opigno_learning_path/releases/3.0.1
[4] https://www.drupal.org/user/384578
[5] https://www.drupal.org/user/384578
[6] https://www.drupal.org/user/2547544
More information about the Security-news
mailing list