CVE-2022-25270

6.5MEDIUM

Key Information

Vendor: Drupal
Status: Core
Vendor: CVE Published:; 17 February 2022

Summary

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.

Affected Version(s)

Core < 9.3.6

Core < 9.2.13

Refferences

https://www.drupal.org/sa-core-2022-004

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 17, 2022
Vulnerability Reserved
Feb 16, 2022

Collectors

NVD DatabaseMitre Database