View online: https://www.drupal.org/sa-contrib-2023-013

Project: Protected Pages [1] Date: 2023-April-12 Security risk: *Critical* 16∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All [2] Vulnerability: Access bypass

Description:  This module enables you to secure any page with a password.

The module does not sufficiently restrict access to the page content.

Solution:  Install the latest version:

* If you use the Protected Pages module for Drupal 8/9/10, upgrade to Protected Pages 8.x-1.6 [3]

Reported By:  * Shelane French [4]

Fixed By:  * Mark Dorison [5] * Diego Rodrigo da Silva [6]

Coordinated By:  * Greg Knaddison [7] of the Drupal Security Team

[1] https://www.drupal.org/project/protected_pages [2] https://www.drupal.org/security-team/risk-levels [3] https://www.drupal.org/project/protected_pages/releases/8.x-1.6 [4] https://www.drupal.org/user/2674989 [5] https://www.drupal.org/user/346106 [6] https://www.drupal.org/user/3719795 [7] https://www.drupal.org/user/36762