CVE-2022-25274
CVSS V2 None
CVSS V3 None
Description
Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content.
This vulnerability only affects sites using Drupal's revision system.
Overview
- CVE ID
- CVE-2022-25274
- Assigner
- mlhess@drupal.org
- Vulnerability Status
- Received
- Published Version
- 2023-04-26T14:15:09
- Last Modified Date
- 2023-04-26T14:15:09
References
| Reference URL | Reference Tags |
|---|---|
| https://www.drupal.org/sa-core-2022-009 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-25274 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25274 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-26 15:01:12 | Added to TrackCVE |