5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.967 High
EPSS
Percentile
99.7%
Monster Menus is a hierarchical menu tree, which provides highly scalable, granular permissions for all pages within a site.
The module includes an option to remove nodes from view (add them to a “recycle bin”) rather than deleting them outright. When a node has been put into a bin using an affected version of the module, it remains visible via a seldom-used URL pattern to the users to whom it had been visible previously, when it was outside of the recycle bin.
This vulnerability is mitigated by the facts that:
Drupal core is not affected. If you do not use the contributed Monster Menus module, there is nothing you need to do.
Install the latest version:
Also see the Monster Menus project page.