Thunder – Moderately critical – Access bypass – SA-CONTRIB-2023-007

Thunder is a Drupal distribution for professional publishing. The thunder distribution ships the thunder_gqls module which provides a graphql interface. The module doesn’t sufficiently check access when serving user data via graphql leading to an access bypass vulnerability potentially exposing email addresses.Read More