CVE-2022-25270
MEDIUMDrupal 9.2.0-9.2.12 and 9.3.0-9.3.5 - Incorrect Authorization in Quick Edit Module
Title source: llmDescription
The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.drupal.org/sa-core-2022-004
Scores
CVSS v3
6.5
EPSS
0.0025
EPSS Percentile
48.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-863
Status
published
Products (2)
drupal/core
9.3.0 - 9.3.6Packagist
drupal/drupal
9.2.0 - 9.2.13
Published
Feb 17, 2022
Tracked Since
Feb 18, 2026