CIVI-SA-2014-005 - ACL bypass on export

Published

2014-09-17 18:21

Written by

CiviCRM Access Control Lists (ACLs) allow site administrators to grant or revoke access to specifics groups/contacts. In CiviCRM 4.4.x, any staff user with access to the "Export" functionality could bypass the ACLs.

Security Risk

Moderately Critical

Vulnerability

Access Bypass

Affected Versions

4.4.6

(Note: 4.2.x & 4.3.x are not affected)

Fixed Versions

4.4.7

(Note: 4.2.x & 4.3.x are not affected)

Solutions

Upgrade to 4.4.7

Credits

Eileen McNaughton (Fuzion)
Kurund Jalmi (CiviCRM)

We are in the process of translating the civicrm.org website. Translations may not be available in all languages. Read more and participate.

© 2005 - 2023, CIVICRM LLC. All rights reserved.
CiviCRM and the CiviCRM logo are trademarks of CIVICRM LLC. Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Share Alike 3.0 United States Licence.

[D8]

CIVI-SA-2014-005 - ACL bypass on export

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM

Languages

CIVI-SA-2014-005 - ACL bypass on export

WORK WITH A TRUSTED EXPERT TO SETUP YOUR CIVICRM

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM