Modal Page - Moderately critical - Access bypass - SA-CONTRIB-2019-094

Project: Modal PageVersion: 8.x-2.48.x-2.38.x-2.28.x-2.18.x-2.0Date: 2019-December-11Security risk: Moderately critical 10∕25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Access bypassDescription: This project enables administrators to create modal dialogs.
The routes used by the module lacked proper permissions, allowing untrusted users to access, create and modify modal configurations.Solution: 

  • If you use the Modal Page module 8.x-2.x, upgrade to 8.x-2.5
  • Review user permissions after updating to ensure only trusted users have access to manage modals.

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2019-094