Project:
Date:
2019-November-13
Vulnerability:
Access bypass
Description:
This module replaces administrative overview/listing pages with actual views for superior usability.
The module doesn't sufficiently check user access when using the "Menu system path" access handler on a Views displays other than "System".
Update:
This project had been unsupported due to this advisory. The security issue is now fixed and the project is supported again.
Solution:
Install the latest version:
- If you use the Administrator Views module for Drupal 7.x, upgrade to Administrator Views 7.x-1.7
Also see the Administration Views project page.
Reported By:
- David Rothstein of the Drupal Security Team
Fixed By:
- David Snopek of the Drupal Security Team
- Vijaya Chandran Mani, the module maintainer
Coordinated By:
- Greg Knaddison of the Drupal Security Team
- Michael Hess of the Drupal Security Team
