NextGuard
UNKNOWNCVE-2022-25270

Incorrect authorization in Drupal core

Platform

drupal

Component

drupal

Fixed in

9.3.6

View on NVD

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.

How to fix

Actualice Drupal Core a la versión 9.3.6 o 9.2.13, o una versión posterior. Esto solucionará la vulnerabilidad en el módulo Quick Edit.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free