Auto-merge PR#8992

2025-06-08 14:08:13 +00:00 · 2023-04-26 10:25:12 -04:00 · 2023-04-26 10:25:12 -04:00 · a8d8f58ad0
commit a8d8f58ad0
parent 7f584983a6 b6fb938720
1 changed files with 58 additions and 7 deletions
--- a/2022/25xxx/CVE-2022-25278.json
+++ b/2022/25xxx/CVE-2022-25278.json
@ -1,18 +1,69 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security@drupal.org",
        "ID": "CVE-2022-25278",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Core",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_name": "9.4",
+                                            "version_value": "9.4.3"
+                                        },
+                                        {
+                                            "version_affected": "<",
+                                            "version_name": "9.3",
+                                            "version_value": "9.3.19"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Drupal"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to.\n\nNo forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Access Bypass"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://www.drupal.org/sa-core-2022-013",
+                "refsource": "CONFIRM",
+                "url": "https://www.drupal.org/sa-core-2022-013"
            }
        ]
    }
-}
+}