[Security-news] Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-065
security-news at drupal.org
security-news at drupal.org
Wed May 21 17:28:32 UTC 2025
View online: https://www.drupal.org/sa-contrib-2025-065
Project: Quick Node Block [1]
Date: 2025-May-21
Security risk: *Moderately critical* 13 ∕ 25
AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon [2]
Vulnerability: Access bypass
Affected versions: <2.0.0
CVE IDs: CVE-2025-48013
Description:
This module provides a block to easily display a rendered node.
Access to the rendered node isn't validated before rendering the block.
Allowing access to node content for users that would normally not be allowed
to access the node.
Solution:
Update to the latest version.
* If you use the Quick Node Block module, update to Quick Node Block 2.0.1
[3]
Reported By:
* Mitch Portier (arkener) [4]
Fixed By:
* Mitch Portier (arkener) [5]
* Antonio Sánchez (saesa) [6]
Coordinated By:
* Greg Knaddison (greggles) [7] of the Drupal Security Team
* Ivo Van Geertruyen (mr.baileys) [8] of the Drupal Security Team
* Juraj Nemec (poker10) [9] of the Drupal Security Team
[1] https://www.drupal.org/project/quick_node_block
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/quick_node_block/releases/2.0.1
[4] https://www.drupal.org/u/arkener
[5] https://www.drupal.org/u/arkener
[6] https://www.drupal.org/u/saesa
[7] https://www.drupal.org/u/greggles
[8] https://www.drupal.org/u/mrbaileys
[9] https://www.drupal.org/u/poker10
More information about the Security-news
mailing list