The Media Library module has a security vulnerability whereby it doesnβt sufficiently restrict access to media items in certain configurations.
If you are using Drupal 8.7.x, you should upgrade to Drupal 8.7.11.
If you are using Drupal 8.8.x, you should upgrade to Drupal 8.8.1.
Versions of Drupal 8 prior to 8.7.x are end-of-life and do not receive security coverage.
Alternatively, you may mitigate this vulnerability by unchecking the βEnable advanced UIβ checkbox on /admin/config/media/media-library
. (This mitigation is not available in 8.7.x.)
CPE | Name | Operator | Version |
---|---|---|---|
drupal/drupal | lt | 8.8.1 | |
drupal/drupal | lt | 8.7.11 |