Gutenberg - Critical - Access bypass - SA-CONTRIB-2019-069

Project: GutenbergDate: 2019-September-25Security risk: Critical 16∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Access bypassDescription: This module provides a new UI experience for node editing - Gutenberg editor.
The routes used by the Gutenberg editor lack proper permissions allowing untrusted users to view and modify some content they should not be able to view or modify.Solution: Install the latest version:

  • If you use the Gutenberg module 8.x-1.x, upgrade to 8.x-1.8
  • For roles other than administrator, the Administer Gutenberg permission must be given to handle media files on the Gutenberg editor.

Also see the Gutenberg project page.Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2019-069