CVE-2022-25278

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-25278

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25278.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-25278

Aliases

Downstream

UBUNTU-CVE-2022-25278

Published

2023-04-26T15:15:08.747Z

Modified

2026-02-03T07:32:52.055289Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.

References

https://www.drupal.org/sa-core-2022-013

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type: GIT
Repo: https://github.com/drupal/drupal
Events: Introduced

35c2f3ca5c935f3d8bde15932a712677c9bbd50f

Fixed

32680a4aef16035fd6c90014761dcad8de628120

Introduced

970c1b5cfa946f683de326a3f252b5371a42186a

Fixed

bf401c8d5c5a88d442ac7e95a9eb059d123a771c

Affected versions

8.*

8.0.0

8.1.0-beta1

9.*

9.0.0-alpha1

9.0.0-alpha2

9.3.0

9.3.0-alpha1

9.3.0-beta1

9.3.0-beta2

9.3.0-beta3

9.3.0-rc1

9.3.10

9.3.11

9.3.12

9.3.13

9.3.14

9.3.15

9.3.16

9.3.17

9.3.18

9.3.2

9.3.3

9.3.4

9.3.5

9.3.6

9.3.7

9.3.8

9.3.9

9.4.0

9.4.0-alpha1

9.4.0-beta1

9.4.0-rc1

9.4.0-rc2

9.4.1

9.4.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25278.json"