exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2022-25274

больше 2 лет назад

Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.

CVSS3: 5.4

EPSS: Низкий

CVE-2022-25274

больше 2 лет назад

Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.

CVSS3: 5.4

EPSS: Низкий

CVE-2022-25274

больше 2 лет назад

Drupal 9.3 implemented a generic entity access API for entity revision ...

CVSS3: 5.4

EPSS: Низкий

GHSA-7jr4-hgqx-vwgq

больше 2 лет назад

Access bypass in Drupal core

CVSS3: 5.4

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2022-25274 Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.	CVSS3: 5.4	0% Низкий	больше 2 лет назад
CVE-2022-25274 Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.	CVSS3: 5.4	0% Низкий	больше 2 лет назад
CVE-2022-25274 Drupal 9.3 implemented a generic entity access API for entity revision ...	CVSS3: 5.4	0% Низкий	больше 2 лет назад
GHSA-7jr4-hgqx-vwgq Access bypass in Drupal core	CVSS3: 5.4	0% Низкий	больше 2 лет назад

Уязвимостей на страницу