BIT-drupal-2022-25270

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/drupal/BIT-drupal-2022-25270.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-drupal-2022-25270

Aliases

Published

2024-03-06T10:53:49.081Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.

Database specific

{
    "cpes": [
        "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

https://www.drupal.org/sa-core-2022-004

Affected packages

Bitnami / drupal

Package

Name: drupal
Purl: pkg:bitnami/drupal

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

9.2.0

Fixed

9.2.13

Introduced

9.3.0

Fixed

9.3.6