Published
2014-09-17 18:21
CiviCRM Access Control Lists (ACLs) allow site administrators to grant or revoke access to specific groups/contacts. In CiviCRM 4.4.x, any staff user with access to the "Export" functionality could bypass the ACLs.
Security Risk
Moderately Critical
Vulnerability
Access Bypass
Affected Versions
4.4.6
(Note: 4.2.x & 4.3.x are not affected)
Fixed Versions
4.4.7
(Note: 4.2.x & 4.3.x are not affected)
Solutions
Upgrade to 4.4.7
Credits
- Eileen McNaughton (Fuzion)
- Kurund Jalmi (CiviCRM)