As an academic group, we wanted to improve the look and feel of our website on a tight budget. The team at Project Ricochet was consistently responsive to our concerns and willing to help us meet our goals. They were transparent with their costs, which allowed us to pick and choose which features and changes we deemed most important. Thanks to this transparency, our new website is a substantial improvement over the old that we were able to achieve in a cost-effective fashion.
—Justin Inman, UCSF

Shorthand - Critical - Access bypass - SA-CONTRIB-2023-038

Wed, 2023-08-23 10:00 — Anonymous (not verified)

Project: ShorthandVersion: 4.0.24.0.14.0.0Date: 2023-August-23Security risk: Critical 15∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypassAffected versions: <4.0.3Description: This module provides integration with Shorthand, an application which describes itself as "beautifully simple storytelling".
The module does not check appropriate permissions when displaying a list of all shorthand stories.Solution: Install the latest version:

If you use the Shorthand module for Drupal 8+, upgrade to Shorthand 4.0.3

Reported By:

Paul Martin

Fixed By:

Vladimir Roudakov

Coordinated By:

Damien McKenna of the Drupal Security Team
Dave Long of the Drupal Security Team
Greg Knaddison of the Drupal Security Team

Path to article https://www.drupal.org/sa-contrib-2023-038

Search form

Shorthand - Critical - Access bypass - SA-CONTRIB-2023-038