Headline
GHSA-cfh2-7f6h-3m85: Access bypass in Drupal Core
Drupal core form API evaluates form element access incorrectly. This can lead to a user being able to alter data they should not have access to.
Access bypass in Drupal Core
Moderate severity GitHub Reviewed Published Apr 24, 2023 to the GitHub Advisory Database • Updated Apr 24, 2023
Related news
CVE-2022-25278: Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.