exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2022-25274

около 2 лет назад

Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.

CVSS3: 5.4

EPSS: Низкий

CVE-2022-25274

около 2 лет назад

Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.

CVSS3: 5.4

EPSS: Низкий

CVE-2022-25274

около 2 лет назад

Drupal 9.3 implemented a generic entity access API for entity revision ...

CVSS3: 5.4

EPSS: Низкий

GHSA-7jr4-hgqx-vwgq

около 2 лет назад

Access bypass in Drupal core

CVSS3: 5.4

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2022-25274 Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.	CVSS3: 5.4	0% Низкий	около 2 лет назад
CVE-2022-25274 Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.	CVSS3: 5.4	0% Низкий	около 2 лет назад
CVE-2022-25274 Drupal 9.3 implemented a generic entity access API for entity revision ...	CVSS3: 5.4	0% Низкий	около 2 лет назад
GHSA-7jr4-hgqx-vwgq Access bypass in Drupal core	CVSS3: 5.4	0% Низкий	около 2 лет назад

Уязвимостей на страницу