Media Responsive Thumbnail - Moderately critical - Information disclosure - SA-CONTRIB-2023-010

Project: Media Responsive Thumbnail
Date: 2023-March-15
Security risk: Moderately critical 14∕25 
Vulnerability: Information disclosure

Description

The Media Responsive Thumbnail module allows media reference fields to be rendered as a responsive image.

This module does not properly check entity access prior to rendering media. This may result in users seeing thumbnails of media items they do not have access to.

This release was coordinated with SA-CORE-2023-002.

Solution

Install the latest version:

If you use the Media Responsive Thumbnail module, upgrade to Media Responsive Thumbnail 8.x-1.5

Nick Onom
Marketing Project Manager

Enthusiastic about all kinds of Open Source applications, AI, bitcoins, but mostly Drupal and Backdrop. For last years has been actively developing AltaGrade's new back-end system.

Drupal · Security

Media Responsive Thumbnail - Moderately critical - Information disclosure - SA-CONTRIB-2023-010

Description

Solution

We value your opinion. Please add your feedback.