CVE-2022-25278: Access bypass in Drupal Core

April 26, 2023 (updated May 9, 2023)

Drupal core form API evaluates form element access incorrectly. This can lead to a user being able to alter data they should not have access to.

References

github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml
github.com/advisories/GHSA-cfh2-7f6h-3m85
www.drupal.org/sa-core-2022-013

Code Behaviors & Features

Detect and mitigate CVE-2022-25278 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →