Boletines de Vulnerabilidades

Drupal core - Moderately critical - Information disclosure - SA-CORE-2022-004

Información sobre el sistema
   
Software afectado Drupal

Descripción
Project: Drupal coreDate: 2022-February-16Security risk: Moderately critical 12∕25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Information disclosureDescription: The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access.Sites are only affected if the QuickEdit module (which comes with the Standard

More info:

https://www.drupal.org/sa-core-2022-004

Identificadores estándar
Propiedad Valor
CVE

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2022-02-17

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT