it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
[IT-SecNots] [Security-news] Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-065
Chronologisch Thread
- From: security-news AT drupal.org
- To: security-news AT drupal.org
- Subject: [IT-SecNots] [Security-news] Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-065
- Date: Wed, 21 May 2025 17:28:32 +0000 (UTC)
- Authentication-results: lists.piratenpartei.de; dkim=pass header.d=drupal.org header.s=default header.b=K88yVVJO; spf=pass (lists.piratenpartei.de: domain of security-news-bounces AT drupal.org designates 2605:bc80:3010::138 as permitted sender) smtp.mailfrom=security-news-bounces AT drupal.org; dmarc=pass (policy=none) header.from=drupal.org
- Dkim-filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 2FDE883C85
- Dkim-filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org CAF344073C
- List-archive: <http://lists.drupal.org/pipermail/security-news/>
- List-id: <security-news.drupal.org>
View online: https://www.drupal.org/sa-contrib-2025-065
Project: Quick Node Block [1]
Date: 2025-May-21
Security risk: *Moderately critical* 13 ∕ 25
AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon [2]
Vulnerability: Access bypass
Affected versions: <2.0.0
CVE IDs: CVE-2025-48013
Description:
This module provides a block to easily display a rendered node.
Access to the rendered node isn't validated before rendering the block.
Allowing access to node content for users that would normally not be allowed
to access the node.
Solution:
Update to the latest version.
* If you use the Quick Node Block module, update to Quick Node Block 2.0.1
[3]
Reported By:
* Mitch Portier (arkener) [4]
Fixed By:
* Mitch Portier (arkener) [5]
* Antonio Sánchez (saesa) [6]
Coordinated By:
* Greg Knaddison (greggles) [7] of the Drupal Security Team
* Ivo Van Geertruyen (mr.baileys) [8] of the Drupal Security Team
* Juraj Nemec (poker10) [9] of the Drupal Security Team
[1] https://www.drupal.org/project/quick_node_block
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/quick_node_block/releases/2.0.1
[4] https://www.drupal.org/u/arkener
[5] https://www.drupal.org/u/arkener
[6] https://www.drupal.org/u/saesa
[7] https://www.drupal.org/u/greggles
[8] https://www.drupal.org/u/mrbaileys
[9] https://www.drupal.org/u/poker10
_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news
- [IT-SecNots] [Security-news] Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-065, security-news, 21.05.2025
Archiv bereitgestellt durch MHonArc 2.6.19+.