Media Library Block - Moderately critical - Information Disclosure - SA-CONTRIB-2023-003

Project: Media Library BlockDate: 2023-January-18Security risk: Moderately critical 14∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Information DisclosureAffected versions: >=1.0 <1.0.4Description: The Media Library Block module allows you to render a media entity in a block.
The module does not properly check media access in some circumstances. This may result in unauthorized users (including anonymous users) seeing media items they are not authorized to access if a block containing a restricted media item is placed on the page.
Administrators may mitigate this vulnerability by removing blocks referencing media items that have access restrictions.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2023-003