Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013

Project: Drupal core
Date: 2022-July-20
Security risk: Moderately critical 12∕25
Vulnerability: Access Bypass

Description

Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to.

No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.

Solution

Install the latest version:

If you are using Drupal 9.4, update to Drupal 9.4.3.
If you are using Drupal 9.3, update to Drupal 9.3.19.

All versions of Drupal 9 prior to 9.3.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.

Drupal 7 core is not affected.

Nick Onom
Marketing Project Manager

Enthusiastic about all kinds of Open Source applications, AI, bitcoins, but mostly Drupal and Backdrop. For last years has been actively developing AltaGrade's new back-end system.

Drupal · Security

Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013

Description

Solution

We value your opinion. Please add your feedback.