Quick Edit - Moderately critical - Information Disclosure - SA-CONTRIB-2022-025
Project: Quick Edit
Date: 2022-February-16
Security risk: Moderately critical 12∕25
Vulnerability: Information DisclosureDescription
This advisory addresses a similar issue to Drupal core - Moderately critical - Information disclosure - SA-CORE-2022-004.
The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access.
Solution
Install the latest version:
- If you use the Quick Edit module for Drupal 9.x, upgrade to Quick Edit 1.0.1
We value your opinion. Please add your feedback.