Project: 
Modal
Date: 
2019-December-11
Security risk: 
Moderately critical 10∕25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: 
Access bypass
Affected versions: 
<2.5.0
Description: 

This project enables administrators to create modal dialogs.

The routes used by the module lacked proper permissions, allowing untrusted users to access, create and modify modal configurations.

Solution: 
  • If you use the Modal Page module 8.x-2.x, upgrade to 8.x-2.5
  • Review user permissions after updating to ensure only trusted users have access to manage modals.
Reported By: 
Fixed By: 
Coordinated By: