Moderately Critical Information Disclosure Vulnerability in Quick Edit Module
On February 16th, 2022, the Drupal security team announced a moderately critical information disclosure vulnerability in the Drupal Quick Edit module, SA-CONTRIB-2022-025. The vulnerability is classified as moderately critical because of its 12∕25 rating, based on AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:Default.
The vulnerability was reported by Samuel Mortenson. The Quick Edit module does not properly check entity access in some cases. This could allow some users with the “access in-place editing” permission to view content they are not authorized to access.
Solution
The vulnerability was fixed by Théodore Biadala, Adam G-H, Wim Leers, Ted Bowman, Dave Long, Derek Wright, Samuel Mortenson, Joseph Zhao and the Drupal security team, consisting of xjm, Lee Rowlands, Drew Webber, and Alex Bronstein.
The solution is to install the latest version: if you are using the Quick Edit module for Drupal 9.x, update to Quick Edit 1.0.1.
