What the vulnerability does
Description
Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation. This issue affects Role Delegation: from 1.3.0 before 1.5.0.
Explanation of Vulnerability in Simple Terms
A privilege escalation vulnerability exists in the Drupal Role Delegation module versions 1.3.0 through 1.4.x. The module does not properly validate role assignment permissions, allowing users with certain privileges to assign roles they should not have access to. This affects sites using the vulnerable module versions. Update to version 1.5.0 or later to resolve the issue.
What an attacker can do
Assign roles to users that exceed their own permission level.
Potential impact on your site
Unauthorized users may gain elevated privileges, compromising site security and access controls.
Conditions required to exploit
Attacker must have an account with role delegation capabilities on the site.