{"id":"DRUPAL-CONTRIB-2020-032","details":"The Group module enables you to hand out permissions on a smaller subset, section or community of your website.\n\nWith the 1.1 security release, new code was introduced to ensure proper access for all entity types, but a mistake introduced unexpected access to unpublished nodes.","modified":"2025-12-10T23:30:25.411664Z","published":"2020-08-05T15:47:56Z","references":[{"type":"WEB","url":"https://www.drupal.org/sa-contrib-2020-032"}],"affected":[{"package":{"name":"drupal/group","ecosystem":"Packagist:https://packages.drupal.org/8","purl":"pkg:composer/drupal/group"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.0"}],"database_specific":{"constraint":"\u003c1.2.0"}}],"database_specific":{"affected_versions":"\u003c1.2.0","source":"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/group/DRUPAL-CONTRIB-2020-032.json"}}],"schema_version":"1.7.3","credits":[{"name":"Martijn Vermeulen","contact":["https://www.drupal.org/user/960720"]},{"name":"Sean Blommaert","contact":["https://www.drupal.org/user/545912"]}]}