PT-2022-1768 · Drupal+2 · Drupal+2
Samuel Mortenson · Published 2022-02-16 · Updated 2024-03-06 · CVE-2022-25270
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Drupal (affected versions not specified)
Description
The issue is in the Quick Edit module of the Drupal content management system, which does not properly check entity access in some circumstances. As a result, users with the "access in-place editing" permission may be able to view some content they are not authorized to access. Sites are only affected if the Quick Edit module is installed.
Recommendations
For Drupal sites with the Quick Edit module installed, consider restricting access to the Quick Edit functionality until a proper fix is applied.
As a temporary workaround, review and adjust the permissions related to "access in-place editing" to minimize the risk of unauthorized access to content.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
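One way to carry out the permission review above offline, as an added example that is not part of the original advisory or of Drupal itself: it reads a Drupal configuration export and reports whether the quickedit module is installed and which roles hold "access in-place editing". It assumes the standard export layout (core.extension.yml and user.role.<id>.yml); the sample file contents and the "editor" role are constructed.

```python
import re

PERMISSION = "access in-place editing"  # permission named in the advisory

# Constructed sample of a Drupal config export (file name -> contents); not from a real site.
SAMPLE_EXPORT = {
    "core.extension.yml": "module:\n  node: 0\n  quickedit: 0\n  user: 0\ntheme:\n  olivero: 0\n",
    "user.role.anonymous.yml": "id: anonymous\npermissions:\n  - 'access content'\n",
    "user.role.authenticated.yml": "id: authenticated\npermissions:\n  - 'access content'\n  - 'access in-place editing'\n",
    "user.role.editor.yml": "id: editor\npermissions:\n  - 'access content'\n  - 'access in-place editing'\n",
}

def section_items(text, key):
    """Return the indented lines under a top-level `key:` in simple exported YAML."""
    items, inside = [], False
    for line in text.splitlines():
        if re.match(r"^\S", line):            # a new top-level key starts here
            inside = line.rstrip() == f"{key}:"
        elif inside and line.strip():
            items.append(line.strip())
    return items

def quickedit_installed(export):
    """True if the quickedit module is listed in core.extension.yml."""
    modules = section_items(export.get("core.extension.yml", ""), "module")
    return any(m.split(":")[0] == "quickedit" for m in modules)

def roles_with_permission(export, permission=PERMISSION):
    """Role ids whose exported permission list contains `permission`."""
    roles = []
    for name, text in sorted(export.items()):
        match = re.fullmatch(r"user\.role\.(.+)\.yml", name)
        if not match:
            continue
        perms = [p.lstrip("- ").strip("'\"") for p in section_items(text, "permissions")]
        if permission in perms:
            roles.append(match.group(1))
    return roles

def audit(export):
    """Roles only need review when the module is installed (per the advisory)."""
    installed = quickedit_installed(export)
    return {"quickedit_installed": installed,
            "roles_to_review": roles_with_permission(export) if installed else []}

if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT))
```

To run it against a real site, build the dictionary from the .yml files in the site's exported configuration directory.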
Incorrect Authorization
Improper Access Control
Affected Products
Drupal
Quickedit
Red Os