Advanced PWA - Critical - Access bypass - SA-CONTRIB-2024-017
View online: https://www.drupal.org/sa-contrib-2024-017

Project: Advanced PWA [1]
Date: 2024-April-24
Security risk: *Critical* 16∕25 AC:None/A:User/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Access bypass
Affected versions: <1.5.0

Description:
Progressive web applications are web applications that load like regular web pages or websites but can offer the user functionality such as working offline, push notifications, and device hardware access traditionally available only to native applications.

This module doesn't sufficiently protect access to the settings form, allowing an unauthorized malicious user to view and modify the module settings.

Solution:
Install the latest version:

  * If you use the Advanced Progressive Web App module for Drupal 8.x, upgrade to Advanced Progressive Web App 8.x-1.5 [3]

Reported By:
  * Matthew Grasmick [4]

Fixed By:
  * gMaximus [5]

Coordinated By:
  * Greg Knaddison [6] of the Drupal Security Team
  * Michael Hess [7] of the Drupal Security Team
  * cilefen [8] of the Drupal Security Team
  * Cathy Theys [9] of the Drupal Security Team

[1] https://www.drupal.org/project/advanced_pwa
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/advanced_pwa/releases/8.x-1.5
[4] https://www.drupal.org/user/455714
[5] https://www.drupal.org/user/1612496
[6] https://www.drupal.org/user/36762
[7] https://www.drupal.org/user/102818
[8] https://www.drupal.org/user/1850070
[9] https://www.drupal.org/user/258568