6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
70.4%
This module replaces administrative overview/listing pages with Views for improved usability.
When combined with other contributed or custom modules, the Administration Views module improperly grants users access to administration pages including the permissions page.
This vulnerability is mitigated by the fact that it does not appear in the module itself, but only when combined with select other custom or contributed modules.
Drupal core is not affected. If you do not use the contributed Administration Views module, there is nothing you need to do.
Install the latest version:
Also see the Administration Views project page.
twitter.com/drupalsecurity
www.drupal.org/contact
www.drupal.org/project/admin_views
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/u/rob230
www.drupal.org/user/202648
www.drupal.org/user/2301194
www.drupal.org/user/36762
www.drupal.org/writing-secure-code