Vulnerabilities > CVE-2022-25270 - Incorrect Authorization vulnerability in Drupal

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

drupal

CWE-863

NVD

Published: 2022-02-17

Updated: 2022-02-25

Summary

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.

Vulnerable Configurations

Part	Description	Count
Application	Drupal Drupal Drupal 9.3.0 Drupal Drupal 9.3.1 Drupal Drupal 9.3.2 Drupal Drupal 9.3.3 Drupal Drupal 9.3.4 Drupal Drupal 9.3.5 Drupal Drupal 9.2.0 Drupal Drupal 9.2.1 Drupal Drupal 9.2.2 Drupal Drupal 9.2.3 Drupal Drupal 9.2.4 Drupal Drupal 9.2.5 Drupal Drupal 9.2.6 Drupal Drupal 9.2.7 Drupal Drupal 9.2.8 Drupal Drupal 9.2.9 Drupal Drupal 9.2.10 Drupal Drupal 9.2.11 Drupal Drupal 9.2.12	29

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.drupal.org/sa-core-2022-004