Advanced PWA - Critical - Access bypass - SA-CONTRIB-2024-017

2024-04-2400:00:00

Drupal Security Team

www.drupal.org

progressive web applications

offline functionality

device hardware access

critical vulnerability

settings form

AI Score

Confidence

Low

JSON

Progressive web applications are web applications that load like regular web pages or websites but can offer the user functionality such as working offline, push notifications, and device hardware access traditionally available only to native applications. This module doesn’t sufficiently protect access to the settings form, allowing an unauthorized malicious user to view and modify the module settings.

Affected configurations

Vulners

Node

drupaladvanced_progressive_web_appRange<8.x-1.5

VendorProductVersionCPE
drupaladvanced_progressive_web_app*cpe:2.3:a:drupal:advanced_progressive_web_app:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
drupal	advanced_progressive_web_app	*	cpe:2.3:a:drupal:advanced_progressive_web_app::::::::

References

www.drupal.org/project/advanced_pwa/releases/8.x-1.5

www.drupal.org/user/102818

www.drupal.org/user/1612496

www.drupal.org/user/1850070

www.drupal.org/user/258568

www.drupal.org/user/36762

www.drupal.org/user/3734548

www.drupal.org/user/455714

AI Score

Confidence

Low

JSON