Ricochet super-team Stephen Pope and Rick Destree were invaluable in upgrading the functionalities of the MarketTools corporate website, helping us implement new design elements and site structure, and launching a new website on very short notice when our business unit was acquired by Confirmit. Along the way, they taught me a lot about Drupal! Stephen’s help was critical in dealing with some difficult pre-existing server environment issues, and he went the extra mile many times to get us past the crunch points. I absolutely recommend Stephen and his team!
—Laura Newton

Paragraphs admin - Moderately critical - - SA-CONTRIB-2023-049

Wed, 2023-11-01 09:56 — Anonymous (not verified)

Project: Paragraphs adminDate: 2023-November-01Security risk: Moderately critical 14∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:DefaultAffected versions: <1.5.0Description: This module enables you to view all paragraph entities in an admin view.
The module contains an access bypass that allows non admin users to access the view.
The vulnerability can be mitigated by editing the view to change the permission required to access the page.Solution: Install the latest version:

If you use the paragraphs_admin module for Drupal 8.x, upgrade to paragraphs_admin 8.x-1.5

Reported By:

Jen M

Fixed By:

Vladimir Roudakov

Coordinated By:

Lee Rowlands of the Drupal Security Team
Greg Knaddison of the Drupal Security Team
Damien McKenna of the Drupal Security Team

Path to article https://www.drupal.org/sa-contrib-2023-049

Search form

Paragraphs admin - Moderately critical - - SA-CONTRIB-2023-049