Update CVE-2022-25278.json

2025-06-08 14:08:13 +00:00 · 2023-04-26 10:15:10 -04:00 · 2023-04-26 10:15:10 -04:00 · b6fb938720
commit b6fb938720
parent 94a0c74bf8
1 changed files with 58 additions and 7 deletions
--- a/2022/25xxx/CVE-2022-25278.json
+++ b/2022/25xxx/CVE-2022-25278.json
@ -1,17 +1,68 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security@drupal.org",
        "ID": "CVE-2022-25278",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Core",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_name": "9.4",
+                                            "version_value": "9.4.3"
+                                        },
+                                        {
+                                            "version_affected": "<",
+                                            "version_name": "9.3",
+                                            "version_value": "9.3.19"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Drupal"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to.\n\nNo forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Access Bypass"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://www.drupal.org/sa-core-2022-013",
+                "refsource": "CONFIRM",
+                "url": "https://www.drupal.org/sa-core-2022-013"
            }
        ]
    }