[Security-news] Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-065

security-news at drupal.org
Wed May 21 17:28:32 UTC 2025


View online: https://www.drupal.org/sa-contrib-2025-065

Project: Quick Node Block [1]
Date: 2025-May-21
Security risk: *Moderately critical* 13 ∕ 25
AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon [2]
Vulnerability: Access bypass

Affected versions: <2.0.0
CVE IDs: CVE-2025-48013
Description: 
This module provides a block to easily display a rendered node.

Access to the rendered node isn't validated before rendering the block,
allowing access to node content for users who would normally not be allowed
to access the node.
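
The kind of check described above, as an added example that is not the Quick Node Block module's code or its actual fix: a hypothetical Drupal block plugin (`ExampleNodeBlock`, with an assumed `nid` configuration key and the `teaser` view mode) that validates `view` access on the node before rendering it and carries the access result's cache metadata into the render array.

```php
<?php

namespace Drupal\example_node_block\Plugin\Block;

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Block\BlockBase;
use Drupal\Core\Cache\CacheableMetadata;
use Drupal\Core\Session\AccountInterface;

/**
 * Hypothetical block that renders one configured node.
 *
 * @Block(id = "example_node_block", admin_label = @Translation("Example node block"))
 */
class ExampleNodeBlock extends BlockBase {
  /** Loads the configured node; 'nid' is an assumed configuration key. */
  private function loadNode() {
    $nid = $this->configuration['nid'] ?? NULL;
    // Static service call keeps the example short; inject the service in real code.
    return $nid ? \Drupal::entityTypeManager()->getStorage('node')->load($nid) : NULL;
  }

  /** Denies the whole block when the viewer may not view the node. */
  protected function blockAccess(AccountInterface $account) {
    $node = $this->loadNode();
    return $node ? $node->access('view', $account, TRUE) : AccessResult::forbidden();
  }

  /** Builds the render array, re-checking access for the current user. */
  public function build() {
    $build = [];
    $node = $this->loadNode();
    if (!$node) {
      return $build;
    }
    // The unchecked pattern would return the view builder output directly here.
    $access = $node->access('view', NULL, TRUE);
    if ($access->isAllowed()) {
      $build = \Drupal::entityTypeManager()->getViewBuilder('node')->view($node, 'teaser');
    }
    // Carry the access result's cache metadata so a render cached for one
    // user is not served to another user with different permissions.
    CacheableMetadata::createFromRenderArray($build)
      ->addCacheableDependency($access)
      ->addCacheableDependency($node)
      ->applyTo($build);
    return $build;
  }
}
```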

Solution: 
Update to the latest version.

  * If you use the Quick Node Block module, update to Quick Node Block 2.0.1
    [3]

Reported By: 
  * Mitch Portier (arkener) [4]

Fixed By: 
  * Mitch Portier (arkener) [5]
  * Antonio Sánchez (saesa) [6]

Coordinated By: 
  * Greg Knaddison (greggles) [7] of the Drupal Security Team
  * Ivo Van Geertruyen (mr.baileys) [8] of the Drupal Security Team
  * Juraj Nemec (poker10) [9] of the Drupal Security Team


[1] https://www.drupal.org/project/quick_node_block
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/quick_node_block/releases/2.0.1
[4] https://www.drupal.org/u/arkener
[5] https://www.drupal.org/u/arkener
[6] https://www.drupal.org/u/saesa
[7] https://www.drupal.org/u/greggles
[8] https://www.drupal.org/u/mrbaileys
[9] https://www.drupal.org/u/poker10