CVE-2022-25278

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-25278

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25278.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-25278

Aliases

Related

UBUNTU-CVE-2022-25278

Published

2023-04-26T15:15:08Z

Modified

2024-09-03T04:13:07.201670Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.

References

https://www.drupal.org/sa-core-2022-013

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type: GIT
Repo: https://github.com/drupal/drupal
Events: Introduced

35c2f3ca5c935f3d8bde15932a712677c9bbd50f

Fixed

32680a4aef16035fd6c90014761dcad8de628120

Affected versions

8.*

8.0.0

8.1.0-beta1

9.*

9.0.0-alpha1

9.0.0-alpha2

9.3.0

9.3.0-alpha1

9.3.0-beta1

9.3.0-beta2

9.3.0-beta3

9.3.0-rc1

9.3.10

9.3.11

9.3.12

9.3.13

9.3.14

9.3.15

9.3.16

9.3.17

9.3.18

9.3.2

9.3.3

9.3.4

9.3.5

9.3.6

9.3.7

9.3.8

9.3.9