5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
51.0%
This module enables you to take a field from the current entity and place it elsewhere as a block.
The module caches the block output in a manner that could allow sensitive content to be seen by visitors who should not see it.
The problem will only occur when other modules alter field output based on user permissions.
Drupal core is not affected. If you do not use the contributed Field as Block module, there is nothing you need to do.
Install the latest version:
Also see the Field as Block project page.
twitter.com/drupalsecurity
www.drupal.org/contact
www.drupal.org/project/fieldblock
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/u/greggles
www.drupal.org/u/hefox
www.drupal.org/user/158153
www.drupal.org/user/199303
www.drupal.org/writing-secure-code