Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-065 - Security-news

21 May 2025


      View online: https://www.drupal.org/sa-contrib-2025-065
Project: Quick Node Block [1]
Date: 2025-May-21
Security risk: *Moderately critical* 13 ∕ 25
AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon [2]
Vulnerability: Access bypass
Affected versions: <2.0.0
CVE IDs: CVE-2025-48013
Description: 
This module provides a block to easily display a rendered node.
Access to the rendered node isn't validated before rendering the block.
Allowing access to node content for users that would normally not be allowed
to access the node.
Solution: 
Update to the latest version.
* If you use the Quick Node Block module, update to Quick Node Block 2.0.1
    [3]
Reported By: 
  * Mitch Portier (arkener) [4]
Fixed By: 
  * Mitch Portier (arkener) [5]
  * Antonio Sánchez (saesa) [6]
Coordinated By: 
  * Greg Knaddison (greggles) [7] of the Drupal Security Team
  * Ivo  Van Geertruyen (mr.baileys) [8] of the Drupal Security Team
  * Juraj Nemec (poker10) [9] of the Drupal Security Team
[1] https://www.drupal.org/project/quick_node_block
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/quick_node_block/releases/2.0.1
[4] https://www.drupal.org/u/arkener
[5] https://www.drupal.org/u/arkener
[6] https://www.drupal.org/u/saesa
[7] https://www.drupal.org/u/greggles
[8] https://www.drupal.org/u/mrbaileys
[9] https://www.drupal.org/u/poker10