Form mode manager - Moderately critical - Access bypass - SA-CONTRIB-2021-023

Project: Form mode managerDate: 2021-July-21Security risk: Moderately critical 11∕25 AC:Basic/A:User/CI:None/II:Some/E:Proof/TD:DefaultVulnerability: Access bypassDescription: This module provides a user interface that allows the implementation and use of Form modes without custom development.
The module does not sufficiently respect access restrictions to entity forms for routes it creates to use specific form modes.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission to use a specific form mode, for example use X form mode.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2021-023