DRUPAL-CONTRIB-2022-025

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/quickedit/DRUPAL-CONTRIB-2022-025.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2022-025

Published

2022-02-16T17:07:35Z

Modified

2025-12-10T23:33:46.834959Z

Summary

[none]

Details

This advisory addresses a similar issue to Drupal core - Moderately critical - Information disclosure - SA-CORE-2022-004.

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access.

References

https://www.drupal.org/sa-contrib-2022-025

Credits

- Samuel Mortenson
- - https://www.drupal.org/user/2582268

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/quickedit

Package

Name: drupal/quickedit
Purl: pkg:composer/drupal/quickedit

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1.0.1

Database specific

{
    "constraint": "<1.0.1"
}

Database specific

affected_versions

"<1.0.1"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/quickedit/DRUPAL-CONTRIB-2022-025.json"