5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
69.2%
This module enables you to display an entityform as a block.
The module doesn’t sufficiently check permissions on the entityform under scenarios where the form is locked to a certain role.
Drupal core is not affected. If you do not use the contributed Entityform block module,
there is nothing you need to do.
Install the latest version:
Also see the Entityform block project page.
twitter.com/drupalsecurity
www.drupal.org/contact
www.drupal.org/node/2483687
www.drupal.org/project/entityform_block
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/u/rickmanelius
www.drupal.org/u/timodwhit
www.drupal.org/user/154069
www.drupal.org/user/599438
www.drupal.org/writing-secure-code