"Ricochet was very impressive with their knowledge, abilities and professionalism. We never ran into a technological roadblock or problem that couldn't be solved. They were able to offer new, cutting-edge solutions around every corner, and they were fantastic about staying in communication. It seemed like we were always able to get ahold of someone, whether it was Tuesday at 1am or Saturday at 7am, someone was quick to respond and help address an emergency or even a simple inquiry. Truly professional service, and quality work.
—Jacob Sowinski, Blue Canvas

Media Responsive Thumbnail - Moderately critical - Information disclosure - SA-CONTRIB-2023-010

Wed, 2023-03-15 10:22 — Anonymous (not verified)

Project: Media Responsive ThumbnailDate: 2023-March-15Security risk: Moderately critical 14∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Information disclosureDescription: The Media Responsive Thumbnail module allows media reference fields to be rendered as a responsive image.
This module does not properly check entity access prior to rendering media. This may result in users seeing thumbnails of media items they do not have access to.
This release was coordinated with SA-CORE-2023-002.Solution: Install the latest version:

If you use the Media Responsive Thumbnail module, upgrade to Media Responsive Thumbnail 8.x-1.5

Reported By:

Dan Flanagan

Fixed By:

Ivan Vidusenko
Benji Fisher of the Drupal Security Team

Coordinated By:

Benji Fisher of the Drupal Security Team
Lee Rowlands of the Drupal Security Team
Joseph Zhao Provisional Member of the Drupal Security Team
Greg Knaddison of the Drupal Security Team
Dave Long of the Drupal Security Team

Path to article https://www.drupal.org/sa-contrib-2023-010

Search form

Media Responsive Thumbnail - Moderately critical - Information disclosure - SA-CONTRIB-2023-010