Pages Restriction Access - Critical - Access bypass - SA-CONTRIB-2021-024
Project: Pages Restriction Access Date: 2021-July-28 Security risk: Critical 16∕25 Vulnerability: Access bypass
This project enables administrators to restrict access from anonymous and regular users to pre-defined pages.
The administration routes used by the project lacked proper permissions, allowing untrusted users to access, create and modify the module's settings.
Install the latest version:
If you use the Pages Restriction Access for Drupal 8.x, upgrade to Pages Restriction Access for Drupal 8.x-1.4