CVE-2022-25270

MEDIUM6.5EPSS 0.25%

Incorrect authorization in Drupal core

發布日:2022/2/16修改日:2025/12/10

也稱為:GHSA-73q4-j324-2qccBIT-drupal-2022-25270DRUPAL-CORE-2022-004

描述

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.

受影響套件(3)

Bitnami/drupal>= 9.2.0, < 9.2.13, >= 9.3.0, < 9.3.6
Packagist/drupal/core>= 8.0.0, < 9.2.13 | >= 9.3.0, < 9.3.6
Packagist/drupal/core>= 9.3.0, < 9.3.6

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

參考連結(2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-25270
WEBhttps://www.drupal.org/sa-core-2022-004