CVE-2022-25270: Incorrect Authorization

February 17, 2022 (updated February 25, 2022)

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the “access in-place editing” permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.

References

nvd.nist.gov/vuln/detail/CVE-2022-25270
www.drupal.org/sa-core-2022-004

Code Behaviors & Features

Detect and mitigate CVE-2022-25270 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →