It was reported [1] that Path Breadcrumbs module doesn't check node access on 403 Not Found pages. As a result, unpublished content data can be shown to unprivileged user. This vulnerability is mitigated by the fact that it is possible to configure proper access control in Path Breadcrumbs items with “Selection Rules” from the UI. [1]: https://www.drupal.org/node/2420139
Created drupal7-path_breadcrumbs tracking bugs for this issue: Affects: fedora-all [bug 1190135] Affects: epel-all [bug 1190136]
CVE request: http://seclists.org/oss-sec/2015/q1/436
drupal7-path_breadcrumbs-3.2-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
drupal7-path_breadcrumbs-3.2-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
drupal7-path_breadcrumbs-3.2-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
drupal7-path_breadcrumbs-3.2-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
Hi Vasyl! Can we close this issue because the updated modules are in stable repositories?
(In reply to Peter Borsa from comment #7) > Hi Vasyl! > > Can we close this issue because the updated modules are in stable > repositories? Hi Peter, yes, this can be closed.