Lucene search

K
osvGoogleOSV:GHSA-MH4H-27GQ-CXWJ
HistoryMay 15, 2024 - 8:44 p.m.

Drupal core Access bypass

2024-05-1520:44:16
Google
osv.dev
2
drupal
core
media library
security
vulnerability
upgrade
mitigate
software

7 High

AI Score

Confidence

Low

The Media Library module has a security vulnerability whereby it doesn’t sufficiently restrict access to media items in certain configurations.

Solution:
If you are using Drupal 8.7.x, you should upgrade to Drupal 8.7.11.
If you are using Drupal 8.8.x, you should upgrade to Drupal 8.8.1.
Versions of Drupal 8 prior to 8.7.x are end-of-life and do not receive security coverage.

Alternatively, you may mitigate this vulnerability by unchecking the “Enable advanced UI” checkbox on /admin/config/media/media-library. (This mitigation is not available in 8.7.x.)

7 High

AI Score

Confidence

Low