CVE-2022-25270 Information
Share on:
Jun 06, 2022
cve
Description
The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the ccess in-place editing\ permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Reference
https://www.drupal.org/sa-core-2022-004
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
6.5