Unauthorized access to screen in drupal/core
Description
The Media module does not properly check entity access in some circumstances. This may result in users seeing thumbnails of media items they do not have access to, including for private files.
This release was coordinated with SA-CONTRIB-2023-010.
This advisory is not covered by Drupal Steward.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
| packagist | drupal/core | >=8.0.0 <9.4.12 \|\| >=9.5.0 <9.5.5 \|\| >=10.0.0 <10.0.5 | 9.4.12, 9.5.5, 10.0.5 |
Aliases
References