Wingsuit - Storybook for UI Patterns - Critical - Access bypass - SA-CONTRIB-2022-040

Project: Wingsuit - Storybook for UI PatternsVersion: 8.x-2.x-dev8.x-1.x-devDate: 2022-May-18Security risk: Critical 16∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Access bypassDescription: The Wingsuit module enables site builders to build UI Patterns (and|or) Twig Components with Storybook and use them without any mapping code in Drupal.
The module doesn't have an access check for the admin form allowing an attacker to view and modify the Wingsuit configuration.Solution: Install the latest version:

  • If you use the wingsuit_companion 8.x-1.x module for Drupal 8.x, upgrade to Wingsuit 8.x-1.1

Reported By: 

Fixed By: 

Coordinated By: 

Path to article