Vigil@nce - Drupal Administer Users by Role: privilege escalation
December 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use Drupal Administer Users by Role, in order to
escalate his privileges.
Impacted products: Drupal Modules
Severity: 2/4
Creation date: 11/12/2014
DESCRIPTION OF THE VULNERABILITY
The Administer Users by Role module can be installed on Drupal.
However, an attacker can bypass access restrictions.
An attacker can therefore use Drupal Administer Users by Role, in
order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Drupal-Administer-Users-by-Role-privilege-escalation-15775