Gutenberg - Critical - Access bypass - SA-CONTRIB-2021-007
Project: Gutenberg
Version: 8.x-2.x-dev, 8.x-1.x-dev
Date: 2021-May-12
Security risk: Critical 18∕25
Vulnerability: Access bypass
Description
This module provides a new UI experience for node editing using the Gutenberg Editor library.
The module did not correctly validate access rules in certain situations, allowing anonymous users to delete blocks.
Solution
Install the latest version:
- If you use the Gutenberg module 8.x-1.x, upgrade to 8.x-1.12
- If you use the Gutenberg module 8.x-2.x, upgrade to 8.x-2.0
- For roles other than administrator, the "Administer Gutenberg" (8.x-1.x) or the "Use Gutenberg" (8.x-2.x) permission must be given to view and delete reusable blocks.
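A quick way to check an installed copy against the fixed releases listed above, as an added example that is not part of the advisory or the Gutenberg project. It assumes the module's `gutenberg.info.yml` carries the `version:` line that Drupal.org packaging adds; the function names and the sample file are constructed for illustration. Dev snapshots are flagged for manual review because their version string does not show whether the fix is included.

```python
import re

# Fixed release per major branch, as listed in the advisory's Solution section.
FIXED_MINOR = {1: 12, 2: 0}

VERSION_RE = re.compile(r"^8\.x-(\d+)\.(?:(x)-dev|(\d+)(?:-(alpha|beta|rc)\d+)?)$")
INFO_VERSION_RE = re.compile(r"^version:\s*['\"]?([^'\"\s]+)['\"]?\s*$", re.MULTILINE)


def classify(version):
    """Return 'ok', 'upgrade', 'review' or 'unrecognized' for a version string."""
    m = VERSION_RE.match(version.strip())
    if not m or int(m.group(1)) not in FIXED_MINOR:
        return "unrecognized"  # branch or format not covered by the advisory
    if m.group(2):
        # Dev snapshot: the string does not say whether the fix is included.
        return "review"
    minor, prerelease = int(m.group(3)), m.group(4)
    fixed = FIXED_MINOR[int(m.group(1))]
    # An alpha/beta/rc of the fixed release number still predates that release.
    if minor < fixed or (minor == fixed and prerelease):
        return "upgrade"
    return "ok"


def version_from_info_yml(text):
    """Extract the packaged version line from gutenberg.info.yml contents."""
    m = INFO_VERSION_RE.search(text)
    return m.group(1) if m else None


# Constructed sample of an info file, not taken from a real site.
SAMPLE_INFO = """name: Gutenberg
type: module
core_version_requirement: ^8 || ^9
version: '8.x-1.11'
project: 'gutenberg'
"""

if __name__ == "__main__":
    found = version_from_info_yml(SAMPLE_INFO)
    print(found, "->", classify(found))
    for v in ("8.x-1.12", "8.x-2.0-rc1", "8.x-2.0", "8.x-2.x-dev"):
        print(v, "->", classify(v))
```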