Block Content Revision UI - Moderately critical - Access bypass - SA-CONTRIB-2021-022

Block Content Revision UI - Moderately critical - Access bypass - SA-CONTRIB-2021-022

Project: Block Content Revision UI
Date: 2021-June-30
Security risk: Moderately critical 11∕25
Vulnerability: Access bypass

Description

This module provides a revision UI for Block Content entities.

The module doesn't sufficiently respect access restrictions to certain entities when used in conjunction with specific modules.

This vulnerability is mitigated by the fact that an attacker must have a role with any of the permissions provided by Block Content Revision UI, and another affected module must be enabled.

Solution

Install the latest version:

If you use the Block Content Revision UI module for Drupal 8.x, upgrade to Block Content Revision UI 2.127.2

Nick Onom's picture
Nick Onom
Marketing Project Manager
Enthusiastic about all kinds of Open Source applications, AI, bitcoins, but mostly Drupal and Backdrop. For last years has been actively developing AltaGrade's new back-end system.

We value your opinion. Please add your feedback.