Date: 
2023-January-18
Vulnerability: 
Information Disclosure
Affected versions: 
<1.0.4
Description: 

The Media Library Block module allows you to render a media entity in a block.

The module does not properly check media access in some circumstances. This may result in unauthorized users (including anonymous users) seeing media items they are not authorized to access if a block containing a restricted media item is placed on the page.

Administrators may mitigate this vulnerability by removing blocks referencing media items that have access restrictions.

Solution: 

Install the latest version:

Reported By: 
Fixed By: 
Coordinated By: