Thunder – Moderately critical – Access bypass – SA-CONTRIB-2023-007
Discription
Thunder is a Drupal distribution for professional publishing. The thunder distribution ships the thunder_gqls module which provides a graphql interface. The module doesn’t sufficiently check access when serving user data via graphql leading to an access bypass vulnerability potentially exposing email addresses.Read More
References
https://www.drupal.org/user/262198https://www.drupal.org/user/1868952https://www.drupal.org/user/36762https://www.drupal.org/user/404865https://www.drupal.org/user/324945https://www.drupal.org/user/57527Back to Main