[Security-news] Protected Pages - Critical - Access bypass - SA-CONTRIB-2023-013
security-news at drupal.org
security-news at drupal.org
Wed Apr 12 16:40:22 UTC 2023
View online: https://www.drupal.org/sa-contrib-2023-013
Project: Protected Pages [1]
Date: 2023-April-12
Security risk: *Critical* 16∕25
AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Access bypass
Description:
This module enables you to secure any page with a password.
The module does not sufficiently restrict access to the page content.
Solution:
Install the latest version:
* If you use the Protected Pages module for Drupal 8/9/10, upgrade to
Protected Pages 8.x-1.6 [3]
Reported By:
* Shelane French [4]
Fixed By:
* Mark Dorison [5]
* Diego Rodrigo da Silva [6]
Coordinated By:
* Greg Knaddison [7] of the Drupal Security Team
[1] https://www.drupal.org/project/protected_pages
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/protected_pages/releases/8.x-1.6
[4] https://www.drupal.org/user/2674989
[5] https://www.drupal.org/user/346106
[6] https://www.drupal.org/user/3719795
[7] https://www.drupal.org/user/36762
More information about the Security-news
mailing list