Drupal Relation Module Access Bypass Vulnerability

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. An access bypass vulnerability exists in the Drupal Relation module. An attacker could use the vulnerability to bypass certain security restrictions and perform unauthoriz...

Relation - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-063

This module enables you to store relationships between entities as fieldable entities. The module doesn't sufficiently check permissions when displaying related entities labels with the Relation Dummy Field module widget. This vulnerability is mitigated by the fact that the optional Relation Dumm...