Entity Browser Block - Moderately critical - Access bypass - SA-CONTRIB-2022-044

Project: Entity Browser Block
Date: 2022-May-25
Security risk: Moderately critical 13∕25
Vulnerability: Access bypass

Description

Entity Browser Block provides a Block Plugin for every Entity Browser on your site.

The module didn't sufficiently check entity view access in the block form.

This vulnerability is mitigated by the fact that an attacker must be able to place a block - either through the core "Block Layout" page or via a module like Layout Builder.

Solution

Install the latest version:

If you use the entity_browser_block module for Drupal 8+, upgrade to entity_browser_block 8.x-1.2

Nick Onom
Marketing Project Manager

Enthusiastic about all kinds of Open Source applications, AI, bitcoins, but mostly Drupal and Backdrop. For last years has been actively developing AltaGrade's new back-end system.

Backdrop · Security

Entity Browser Block - Moderately critical - Access bypass - SA-CONTRIB-2022-044

Description

Solution

We value your opinion. Please add your feedback.