[SECURITY-L] [Security-news] Protected Pages - Critical - Access bypass - SA-CONTRIB-2023-013
CSIRT Unicamp
security em unicamp.br
Quarta Abril 12 15:28:58 -03 2023
View online: https://www.drupal.org/sa-contrib-2023-013
Project: Protected Pages [1]
Date: 2023-April-12
Security risk: *Critical* 16∕25
AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Access bypass
Description:
This module enables you to secure any page with a password.
The module does not sufficiently restrict access to the page content.
Solution:
Install the latest version:
* If you use the Protected Pages module for Drupal 8/9/10, upgrade to
Protected Pages 8.x-1.6 [3]
Reported By:
* Shelane French [4]
Fixed By:
* Mark Dorison [5]
* Diego Rodrigo da Silva [6]
Coordinated By:
* Greg Knaddison [7] of the Drupal Security Team
[1] https://www.drupal.org/project/protected_pages
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/protected_pages/releases/8.x-1.6
[4] https://www.drupal.org/user/2674989
[5] https://www.drupal.org/user/346106
[6] https://www.drupal.org/user/3719795
[7] https://www.drupal.org/user/36762
_______________________________________________
Security-news mailing list
Security-news em drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news
===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
GnuPG Public Key: http://www.security.unicamp.br/security.asc [^]
Contato: +55 19 3521-2289 ou INOC-DBA: 1251*830
-------------- Próxima Parte ----------
Um anexo em HTML foi limpo...
URL: <http://www.listas.unicamp.br/pipermail/security-l/attachments/20230412/23041172/attachment.html>
Mais detalhes sobre a lista de discussão SECURITY-L