5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.967 High
EPSS
Percentile
99.7%
This module allows different access permissions to be given to authors, referenced users and non-referenced users.
When an author has created content containing a user reference field (with author update/delete grants enabled) and the author’s user account is later deleted, content created by them can be edited by anonymous users.
Drupal core is not affected. If you do not use the contributed Node access user reference module, there is nothing you need to do.
Install the latest version:
Also see the Node access user reference project page.
drupal.org/contact
drupal.org/node/2007072
drupal.org/node/2007078
drupal.org/project/nodeaccess_userreference
drupal.org/security-team
drupal.org/security-team/risk-levels
drupal.org/security/secure-configuration
drupal.org/user/16327
drupal.org/user/241220
drupal.org/user/347249
drupal.org/user/36762
drupal.org/writing-secure-code