=====================================================================

                                CERT-Renater

                     Information Note No. 2023/VULN462

_____________________________________________________________________

DATE                : 08/11/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Paragraphs admin versions 5.3.x,
                       5.1.x, 4.8.x prior to 5.3.23, 5.1.16, 4.8.11.

=====================================================================
https://www.drupal.org/sa-contrib-2023-049
_____________________________________________________________________


Paragraphs admin - Moderately critical - Access bypass - SA-CONTRIB-2023-049
Project:            Paragraphs admin
Date:               2023-November-01
Security risk:      Moderately critical 14/25
                    AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Default
Affected versions:  <1.5.0


Description:
This module enables you to view all paragraph entities in an admin
view.
The module contains an access bypass that allows non-admin users to
access the view.
The vulnerability can be mitigated by editing the view to change
the permission required to access the page.
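
One way to check the mitigation above on an exported view configuration
(a views.view.*.yml file loaded as a dict). This is an added example, not
code from the advisory or from the Paragraphs admin project. The view id,
display ids, path and the set of "broad" permissions are constructed
assumptions; adjust them to the site being audited.

```python
# Added example: audit the access settings of an exported Drupal view.
# Assumption: permissions listed here are held by non-admin roles on the site.
BROAD_PERMISSIONS = {"access content"}
OPEN_ROLES = {"anonymous", "authenticated"}

def effective_access(view, display_id):
    """Return the access plugin config a display actually uses."""
    displays = view.get("display", {})
    own = displays.get(display_id, {}).get("display_options", {}).get("access")
    if own is None:  # not overridden: the display inherits from "default"
        own = displays.get("default", {}).get("display_options", {}).get("access")
    return own or {"type": "none"}

def audit_view(view, broad=BROAD_PERMISSIONS):
    """List (display_id, reason) for displays a non-admin user could reach."""
    findings = []
    for display_id in view.get("display", {}):
        access = effective_access(view, display_id)
        kind = access.get("type", "none")
        opts = access.get("options") or {}
        if kind == "none":
            findings.append((display_id, "unrestricted access"))
        elif kind == "perm" and opts.get("perm") in broad:
            findings.append((display_id, "broad permission: " + opts["perm"]))
        elif kind == "role" and set(opts.get("role") or {}) & OPEN_ROLES:
            findings.append((display_id, "open to a non-admin role"))
    return findings

# Constructed sample configuration (hypothetical view id, displays and path).
SAMPLE_VIEW = {
    "id": "example_paragraphs_view",
    "display": {
        "default": {"display_options": {
            "access": {"type": "perm", "options": {"perm": "access content"}}}},
        "page_1": {"display_options": {"path": "admin/content/example"}},
        "page_2": {"display_options": {
            "access": {"type": "perm",
                       "options": {"perm": "administer site configuration"}}}},
    },
}

if __name__ == "__main__":
    for display_id, reason in audit_view(SAMPLE_VIEW):
        print(display_id, "->", reason)
```

A display with no access block of its own is reported with the default
display's setting, so a page display can be exposed even though its own
section of the export shows nothing.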


Solution:
Install the latest version:

     If you use the Paragraphs Admin module version 8.x-1.x, upgrade
     to paragraphs_admin 8.x-1.5


Reported By:
     Jen M

Fixed By:
     Vladimir Roudakov


Coordinated By:
     Lee Rowlands of the Drupal Security Team
     Greg Knaddison of the Drupal Security Team
     Damien McKenna of the Drupal Security Team




=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
