BIT-drupal-2022-25274

Import Source
https://github.com/bitnami/vulndb/tree/main/data/drupal/BIT-drupal-2022-25274.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-drupal-2022-25274
Aliases
Published
2024-03-06T10:53:18.690Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in a possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.

Database specific
{
    "cpes": [
        "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / drupal

Package

Name
drupal
Purl
pkg:bitnami/drupal

Severity

  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected ranges

Type
SEMVER
Events
Introduced
9.3.0
Fixed
9.3.12