A security issue has been discovered in the Drupal Forward Module, which can be exploited by malicious people to bypass certain security restrictions. The Forward module fails to properly check for security restrictions when retrieving posts. This can be exploited to gain access to restricted information by manipulating URL arguments. The security issue has been confirmed in Forward Module version 4.7.x-1.1 and is reported in versions prior to 5.x-1.0. Other versions may also be affected. Solution: Drupal 4.7.x: Edit the source code to ensure that the access restrictions are maintained. Drupal 5.x: Upgrade "Forward" to version 5.x-1.0. http://drupal.org/node/158025 Provided and/or discovered by: Drupal Security Team
setting status and cc'ing maintainer.
there is also this one: http://secunia.com/advisories/25978/
We don't ship any 3rd party modules anymore, so this issue does not affect us by default.
oh ok, sorry for the noise.
