Vulnerability in Drupal Core
CVE-2022-25270
The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected…
EPSS: 0.003 (49.0th percentile) — read the EPSS interpretation.
Affected products
- Drupal Core — versions 9.3.x, 9.2.x
References
- www.drupal.org/sa-core-2022-004 (x_refsource_CONFIRM)