ACCESS BYPASS ----
* Advisory ID: DRUPAL-SA-CONTRIB-2009-003
* Project: Internationalization (i18n) (third-party module)
* Version: 5.x-2.x
* Date: 2009-January-14
* Security risk: Less critical
* Exploitable from: Remote
* Vulnerability: Access bypass
---- DESCRIPTION ----
The third-party i18n module enables users to make a translation of an existing
item of content (a node). In that process the existing node's content is copied
into the new node.
The module contains a flaw that allows a user with the 'translate node'
permission to potentially bypass normal viewing access restrictions, for example
allowing the user to see the content of unpublished nodes even if they do not
have permission to view unpublished nodes.
---- VERSIONS AFFECTED ----
* All 5.x versions of Internationalization (i18n) prior to 5.x-2.5.
Drupal core is not affected. If you do not use the contributed
Internationalization (i18n) module, there is nothing you need to do.
---- SOLUTION ----
Install the latest version:
* If you use 5.x-2.x upgrade to Internationalization 5.x-2.5 [
See also the Internationalization project page [ http://drupal.org/project/i18n
---- REPORTED BY ----
---- CONTACT ----
Unsubscribe from this newsletter: http://drupal.org/newsletter/confirm/remove/73ff60b93f11343t44