CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
99.7%
This module enables you to configure breadcrumbs for any Drupal page.
The module doesnβt check node access on 403 Not Found pages. As a result, unpublished content data can be shown to unprivileged user.
This vulnerability is mitigated by the fact that it is possible to configure proper access control in Path Breadcrumbs items with βSelection Rulesβ from the UI.
Drupal core is not affected. If you do not use the contributed Path Breadcrumbs module,
there is nothing you need to do.
Install the latest version:
Also see the Path Breadcrumbs project page.
twitter.com/drupalsecurity
www.drupal.org/contact
www.drupal.org/project/path_breadcrumbs
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/u/greggles
www.drupal.org/u/kalabro
www.drupal.org/user/59351
www.drupal.org/user/810676
www.drupal.org/writing-secure-code