Moderately Critical Information Disclosure Vulnerability in Quick Edit Module


On February 16th, 2022, the Drupal security team announced a moderately critical information disclosure vulnerability in the Drupal Quick Edit module, SA-CONTRIB-2022-025. The vulnerability is classified as moderately critical because of its 12/25 rating, based on the AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:Default status.

The vulnerability was reported by Samuel Mortenson. The Quick Edit module does not properly check entity access in some cases. This could allow some users with the “access in-place editing” permission to view content they are not authorized to access.

Solution

The vulnerability was fixed by Théodore Biadala, Adam G-H, Wim Leers, Ted Bowman, Dave Long, Derek Wright, Samuel Mortenson, Joseph Zhao and the Drupal security team consisting of xjm, Lee Rowlands, Drew Webber, and Alex Bronstein.

The solution is to install the latest version: if you are using the Quick Edit module for Drupal 9.x, update to Quick Edit 1.0.1.

Source: https://www.drupal.org/sa-contrib-2022-025
