This module enables users to create 'private' vocabularies.
The module doesn't enforce permissions appropriately for the taxonomy overview page and overview form.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer own taxonomy" or "View private taxonomies"
Install the latest version:
- If you use the Private Taxonomy Terms module for Drupal 8.x, upgrade to Private Taxonomy Terms 8.x-2.6
- Damien McKenna of the Drupal Security Team
- xjm of the Drupal Security Team
- Greg Knaddison of the Drupal Security Team