CVE-2022-25270

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-25270

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25270.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-25270

Aliases

Published

2022-02-17T00:15:07.710Z

Modified

2026-02-11T13:27:32.300123Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.

References

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type: GIT
Repo: https://github.com/drupal/drupal
Events: Introduced

698ee686c23de8c97d7e0601cf745b220d54f4e1

Fixed

e205f31c36c6db950f50d473cfd24ad22ac98ae1

Introduced

943ecef3c0bc9822338252a7df6419aeb9253c9d

Fixed

7c620f0d179eee168b27509f3902f99e9fa52703

Affected versions

9.*

9.2.0

9.2.1

9.2.10

9.2.11

9.2.12

9.2.2

9.2.3

9.2.4

9.2.5

9.2.6

9.2.7

9.2.8

9.2.9

9.3.0

9.3.2

9.3.3

9.3.4

9.3.5

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25270.json"