CVE-2022-25270

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-25270

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25270.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-25270

Aliases

Published

2022-02-17T00:15:07Z

Modified

2024-10-12T08:40:48.253374Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.

References

https://www.drupal.org/sa-core-2022-004

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type: GIT
Repo: https://github.com/drupal/drupal
Events: Introduced

943ecef3c0bc9822338252a7df6419aeb9253c9d

Fixed

7c620f0d179eee168b27509f3902f99e9fa52703

Affected versions

9.*

9.2.0

9.2.1

9.2.10

9.2.11

9.2.12

9.2.2

9.2.3

9.2.4

9.2.5

9.2.6

9.2.7

9.2.8

9.2.9