diff --git a/2022/25xxx/CVE-2022-25278.json b/2022/25xxx/CVE-2022-25278.json index 17dd2256c46..764f4b898d6 100644 --- a/2022/25xxx/CVE-2022-25278.json +++ b/2022/25xxx/CVE-2022-25278.json @@ -1,18 +1,69 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@drupal.org", "ID": "CVE-2022-25278", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Core", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9.4", + "version_value": "9.4.3" + }, + { + "version_affected": "<", + "version_name": "9.3", + "version_value": "9.3.19" + } + ] + } + } + ] + }, + "vendor_name": "Drupal" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to.\n\nNo forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/sa-core-2022-013", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/sa-core-2022-013" } ] } -} \ No newline at end of file +}