exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2022-25274

почти 3 года назад

Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.

CVSS3: 5.4

EPSS: Низкий

CVE-2022-25274

почти 3 года назад

Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.

CVSS3: 5.4

EPSS: Низкий

CVE-2022-25274

почти 3 года назад

Drupal 9.3 implemented a generic entity access API for entity revision ...

CVSS3: 5.4

EPSS: Низкий

GHSA-7jr4-hgqx-vwgq

почти 3 года назад

Access bypass in Drupal core

CVSS3: 5.4

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2022-25274 Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.	CVSS3: 5.4	0% Низкий	почти 3 года назад
CVE-2022-25274 Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.	CVSS3: 5.4	0% Низкий	почти 3 года назад
CVE-2022-25274 Drupal 9.3 implemented a generic entity access API for entity revision ...	CVSS3: 5.4	0% Низкий	почти 3 года назад
GHSA-7jr4-hgqx-vwgq Access bypass in Drupal core	CVSS3: 5.4	0% Низкий	почти 3 года назад

Уязвимостей на страницу