Config Pages - Moderately critical - Information Disclosure - SA-CONTRIB-2023-037

Project: Config PagesVersion: 8.x-2.88.x-2.78.x-2.68.x-2.58.x-2.48.x-2.38.x-2.28.x-2.18.x-2.0Date: 2023-August-23Security risk: Moderately critical 12∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Information DisclosureAffected versions: <2.9.0Description: This module enables you to build administrative pages for managing configuration objects, which may then be used elsewhere in the site.
The module doesn't sufficiently validate access when the JSONAPI module is also installed.
This vulnerability is mitigated by the fact that it only affects sites when the JSONAPI module is installed.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article