The Drupal core issue exists because the Media Library module does not perform proper checks on entity access in some cases, which could allow users who can edit content to view metadata about media items that they should not have access to.
An identical issue impacts the Media Library Form API Element plugin, which supports the use of the media library in custom forms, without having to use the Media Library Widget.
