The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes.
CPE | Name | Operator | Version |
---|---|---|---|
hostmaster | eq | 6.120.12 | |
hostmaster | eq | 6.120.13 | |
hostmaster | eq | 6.120.14 | |
hostmaster | eq | 6.120.15 | |
hostmaster | eq | 6.120.16 | |
hostmaster | eq | 6.120.17 | |
hostmaster | eq | 6.120.18 | |
hostmaster | eq | 6.x-1.x dev |