Wingsuit - Storybook for UI Patterns - Critical - Access bypass - SA-CONTRIB-2022-040
Project: Wingsuit - Storybook for UI Patterns
Version: 8.x-2.x-dev, 8.x-1.x-dev
Date: 2022-May-18
Security risk: Critical 16∕25
Vulnerability: Access bypass
Description
The Wingsuit module enables site builders to build UI Patterns and/or Twig Components with Storybook and use them without any mapping code in Drupal.
The module doesn't have an access check for the admin form, allowing an attacker to view and modify the Wingsuit configuration.
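An audit for this class of flaw in a site's own custom modules, as an added example that is not part of the advisory or the Wingsuit code base. The advisory does not say how the affected route was declared, so the route names, paths, form class and the set of weak permissions below are assumptions; `_access`, `_permission` and `_form` are standard Drupal routing keys.

```python
# Constructed sample in *.routing.yml layout; all names here are hypothetical.
SAMPLE = r"""
example.open:
  path: '/admin/config/example/open'
  defaults:
    _form: '\Drupal\example\Form\SettingsForm'
  requirements:
    _access: 'TRUE'
example.weak:
  path: '/admin/config/example/weak'
  requirements:
    _permission: 'access content'
example.guarded:
  path: '/admin/config/example/guarded'
  requirements:
    _permission: 'administer site configuration'
"""
# Assumption: permissions a typical site grants to anonymous visitors.
WEAK_PERMISSIONS = {"access content"}

def parse_routes(text):
    """Parse the 2-space-indented YAML subset that simple routing files use."""
    routes, route, section = {}, None, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, value = raw.strip().partition(":")
        value = value.strip().strip("'\"")
        if indent == 0:                      # route name
            route, section = routes.setdefault(key, {}), None
        elif indent == 2 and not value:      # defaults: / requirements:
            section = route.setdefault(key, {})
        elif indent == 2:                    # scalar such as path:
            route[key], section = value, None
        elif section is not None:            # entry inside a section
            section[key] = value
    return routes

def audit(text):
    """Map route name -> reason, for /admin routes open to unprivileged users."""
    findings = {}
    for name, route in parse_routes(text).items():
        reqs = route.get("requirements", {})
        if not route.get("path", "").startswith("/admin"):
            continue
        if reqs.get("_access", "").upper() == "TRUE" and len(reqs) == 1:
            findings[name] = "_access: 'TRUE' allows every visitor"
        elif reqs.get("_permission") in WEAK_PERMISSIONS:
            findings[name] = "permission is commonly granted to anonymous users"
    return findings
```

Running `audit()` over each module's routing file lists the admin routes that need a restrictive `_permission` before deployment.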
Solution
Install the latest version:
If you use the wingsuit_companion 8.x-1.x module for Drupal 8.x, upgrade to Wingsuit 8.x-1.1