UBUNTU-CVE-2022-25278

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-25278

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-25278.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2022-25278

Related

CVE-2022-25278

Published

2023-04-26T15:15:00Z

Modified

2025-01-13T10:23:27Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.

References

Affected packages

Ubuntu:Pro:14.04:LTS / drupal7

Package

Name: drupal7
Purl: pkg:deb/ubuntu/drupal7@7.26-1ubuntu0.1+esm2?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.23-1

7.24-1

7.24-2

7.26-1

7.26-1ubuntu0.1

7.26-1ubuntu0.1+esm1

7.26-1ubuntu0.1+esm2

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:16.04:LTS / drupal7

Package

Name: drupal7
Purl: pkg:deb/ubuntu/drupal7@7.44-1ubuntu1~16.04.0+esm2?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.38-1

7.41-1

7.44-1ubuntu1~16.04.0

7.44-1ubuntu1~16.04.0+esm1

7.44-1ubuntu1~16.04.0+esm2

Ecosystem specific

{
    "ubuntu_priority": "low"
}