Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013
Project: Drupal core Date: 2022-July-20 Security risk: Moderately critical 12∕25 Vulnerability: Access Bypass
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to.
No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.
Install the latest version:
- If you are using Drupal 9.4, update to Drupal 9.4.3.
- If you are using Drupal 9.3, update to Drupal 9.3.19.
All versions of Drupal 9 prior to 9.3.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.
Drupal 7 core is not affected.