CVE-2022-25270

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-25270
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25270.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-25270
Aliases
Published
2022-02-17T00:15:07Z
Modified
2024-06-06T13:58:41.901632Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.

References

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type
GIT
Repo
https://github.com/drupal/drupal
Events

Affected versions

9.*

9.2.0
9.2.1
9.2.10
9.2.11
9.2.12
9.2.2
9.2.3
9.2.4
9.2.5
9.2.6
9.2.7
9.2.8
9.2.9