Drupal Config Pages Viewer Missing Authentication Vulnerability Allowing Access Bypass
Vulnerability
A critical access bypass vulnerability has been identified in the Drupal Config Pages Viewer module, affecting versions prior to 1.0.4. This vulnerability arises from missing authentication checks for critical functions, allowing exploitation of improperly configured access control settings. As a result, the module may render content from config_pages without verifying user permissions or entity access.
Impact
Exploitation of this vulnerability could lead to unauthorized access to configuration pages, bypassing normal access control measures.
Remediation
Users of the Config Pages Viewer module should upgrade to version 1.0.4.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.