Config Pages - Moderately critical - Information Disclosure - SA-CONTRIB-2023-037
Project: Config Pages Version: 8.x-2.8, 8.x-2.7, 8.x-2.6, 8.x-2.5,8.x-2.4, 8.x-2.3, 8.x-2.2, 8.x-2.1, 8.x-2.0 Date: 2023-August-23 Security risk: Moderately critical 12∕25 Vulnerability: Information Disclosure Affected versions: <2.9.0
This module enables you to build administrative pages for managing configuration objects, which may then be used elsewhere in the site.
The module doesn't sufficiently validate access when the JSONAPI module is also installed.
This vulnerability is mitigated by the fact that it only affects sites when the JSONAPI module is installed.
Install the latest version:
If you use the Config Pages module for Drupal 8+, upgrade to Config Pages 8.x-2.9