Описание
Drupal core Access control bypass
The Media Library module has a security vulnerability whereby it doesn't sufficiently restrict access to media items in certain configurations.
Solution:
If you are using Drupal 8.7.x, you should upgrade to Drupal 8.7.11. If you are using Drupal 8.8.x, you should upgrade to Drupal 8.8.1. Versions of Drupal 8 prior to 8.7.x are end-of-life and do not receive security coverage.
Alternatively, you may mitigate this vulnerability by unchecking the "Enable advanced UI" checkbox on /admin/config/media/media-library. (This mitigation is not available in 8.7.x.)
Пакеты
Наименование
drupal/drupal
composer
Затронутые версииВерсия исправления
>= 8.0.0, < 8.7.11
8.7.11
Наименование
drupal/drupal
composer
Затронутые версииВерсия исправления
>= 8.8.0, < 8.8.1
8.8.1
4.3 Medium
CVSS3
4.3 Medium
CVSS3