Form mode manager - Moderately critical - Access bypass - SA-CONTRIB-2021-023

Project: Form mode manager
Date: 2021-July-21
Security risk: Moderately critical 11∕25
Vulnerability: Access bypass

Description

This module provides a user interface that allows the implementation and use of Form modes without custom development.

The module does not sufficiently enforce the access restrictions on entity forms for the routes it creates to use specific form modes.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission to use a specific form mode, for example "use X form mode".

Solution

Install the latest version:

If you use the Form mode manager module 8.x-1.x series for Drupal 8, upgrade to form_mode_manager 8.x-1.4.

Nick Onom